IQID:24839 Cisco ASA-X With FirePOWER Services Authenticated Command Injection S
IQID: 24839 - September 2022
This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine allows the attacker to pivot to the inside network, and access the outside network. Also, the SFR virtual machine is running snort on the traffic flowing through the ASA, so the attacker should have access to this diverted traffic as well. This module requires ASDM credentials in order to traverse the ASDM interface. A similar attack can be performed via Cisco CLI (over SSH), although that isn't implemented here. Finally, it's worth noting that this attack bypasses the affects of the lockdown-sensor command (e.g. the virtual machine's bash shell shouldn't be available but this attack makes it available). Cisco assigned this issue CVE-2022-20828. The issue affects all Cisco ASA that support the ASA FirePOWER module (at least Cisco ASA-X with FirePOWER Service, and Cisco ISA 3000). The vulnerability has been patched in ASA FirePOWER module versions 6.2.3.19, 6.4.0.15, 6.6.7, and 7.0.21. The following versions will receive no patch: 6.2.2 and earlier, 6.3.*, 6.5.*, and 6.7.*.
A Full Description is available for this threat, please sign in for access to Full Description.
Attack Data
Attack Data is available for this threat, please sign in for access to Attack Data.
CVSS Information
CVSS Information is available for this threat, please sign in for access to CVSS Information.
Date
Date Information is available for this threat, please sign in for access to Date Information.
External Resources
External resources are available for this threat, please sign in for access to external resources.
Security Rule
A security rule is available to identify this threat, please sign in for access to security rules.
Permalink
Link directly to this page.
http://www.idappcom.com/db/?24839
© 2024 by IDappcom. Privacy policy. IDappcom Ltd, 6 Rural Enterprise Centre, Ludlow, Shropshire, SY8 1FF.