What is CVE-2022-20928?

CVE-2022-20928 is a medium-severity vulnerability in Cisco Adaptive Security Appliance (Asa) Software, classified under Incorrect Authorization. CVSS score: 5.8/10. Published 2022-11-10.

How severe is CVE-2022-20928?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Auth bypass in Cisco Adaptive Security Appliance (Asa) Software

CVE-2022-20928

A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish…

Vulnerability class: Broken Access Control

EPSS: 0.002 (36.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.

Affected products

Cisco Adaptive Security Appliance (Asa) Software — versions 9.8.1, 9.8.1.5, 9.8.1.7
Cisco Firepower Services Software For Asa — versions N/A
Cisco Firepower Threat Defense Software — versions 6.2.3, 6.2.3.1, 6.2.3.2

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

cisco-sa-asa-ftd-vp-authz-N2GckjN6

Frequently asked questions

What is CVE-2022-20928?: CVE-2022-20928 is a medium-severity vulnerability in Cisco Adaptive Security Appliance (Asa) Software, classified under Incorrect Authorization. CVSS score: 5.8/10. Published 2022-11-10.
How severe is CVE-2022-20928?: Medium severity. CVSS v3 base score is 5.8 out of 10.