Learn about CVE-2022-20928, a vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software that allows unauthorized access.
A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user.
Understanding CVE-2022-20928
This CVE refers to a flaw in the authorization checks performed during the VPN authentication flow in Cisco ASA and FTD Software.
What is CVE-2022-20928?
The vulnerability allows an attacker with valid credentials to establish a VPN connection with the access privileges of a different user.
The Impact of CVE-2022-20928
A successful exploit lets an attacker establish a VPN connection as a different user, potentially leading to unauthorized access to sensitive information.
Technical Details of CVE-2022-20928
Vulnerability Description
The flaw lies in the authorization checks within the VPN authentication flow; an attacker can exploit it by sending crafted packets.
Affected Systems and Versions
Exploitation Mechanism
To exploit the vulnerability, the attacker needs valid credentials and sends a crafted packet during VPN authentication.
Mitigation and Prevention
Immediate Steps to Take
Apply the relevant patches provided by Cisco to address this vulnerability.
Long-Term Security Practices
Regularly update and patch your Cisco ASA and FTD Software to prevent potential security breaches.
Patching and Updates
Stay up to date with the latest security advisories from Cisco and apply patches promptly to mitigate the risk of exploitation.