Vulnerability in Cisco Adaptive Security Appliance (Asa) Software
CVE-2022-20829
A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrati…
EPSS: 0.049 (89.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Cisco Adaptive Security Appliance (Asa) Software — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 20220622 Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability (vendor-advisory, x_refsource_CISCO)
- www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-… (x_refsource_MISC)
- github.com/jbaines-r7/theway (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-20829?
- CVE-2022-20829 is a critical-severity vulnerability in Cisco Adaptive Security Appliance (Asa) Software, classified under Insufficient Verification of Data Authenticity. CVSS score: 9.1/10. Published 2022-06-24.
- How severe is CVE-2022-20829?
- Critical severity. CVSS v3 base score is 9.1 out of 10.
- Is CVE-2022-20829 known to be exploited?
- 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.