CVE-2022-20928 - Incorrect Authorization

Severity

57%

Complexity

39%

Confidentiality

23%

A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. An attacker could exploit this vulnerability by sending a crafted packet during a VPN authentication. The attacker must have valid credentials to establish a VPN connection. A successful exploit could allow the attacker to establish a VPN connection with access privileges from a different user.

CVSS 3.1 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).

Demo Examples

Incorrect Authorization

CWE-863

The following code could be for a medical records application. It displays a record to already authenticated users, confirming the user's authorization using a value stored in a cookie.


               
}
}
setcookie("role", $role, time()+60*60*2);
die("\n");
DisplayMedicalHistory($_POST['patient_ID']);
die("You are not Authorized to view this record\n");

The programmer expects that the cookie will only be set when getRole() succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie. However, the attacker can easily set the "role" cookie to the value "Reader". As a result, the $role variable is "Reader", and getRole() is never invoked. The attacker has bypassed the authorization system.

Overview

Type

Cisco

First reported 2 years ago

2022-11-15 21:15:00

Last updated 2 years ago

2022-11-21 15:08:00

Affected Software

Cisco Adaptive Security Appliance (ASA) 9.6.2

9.6.2

Cisco Adaptive Security Appliance (ASA) 9.6.4.30

9.6.4.30

Cisco Adaptive Security Appliance (ASA) 9.6.4.34

9.6.4.34

Cisco Adaptive Security Appliance 9.6.4.36

9.6.4.36

Cisco Adaptive Security Appliance 9.6.4.40

9.6.4.40

Cisco Adaptive Security Appliance (ASA) 9.8.4

9.8.4

Cisco Adaptive Security Appliance (ASA) 9.8.4.7

9.8.4.7

Cisco Adaptive Security Appliance (ASA) 9.8.4.10

9.8.4.10

Cisco Adaptive Security Appliance 9.8.4.17

9.8.4.17

Cisco Adaptive Security Appliance (ASA) 9.9.2.50

9.9.2.50

Cisco Adaptive Security Appliance (ASA) 9.9.2.56

9.9.2.56

Cisco Adaptive Security Appliance 9.9.2.66

9.9.2.66

Cisco Adaptive Security Appliance (ASA) 9.10.1.22

9.10.1.22

Cisco Adaptive Security Appliance (ASA) 9.10.1.27

9.10.1.27

Cisco Adaptive Security Appliance (ASA) 9.10.1.30

9.10.1.30

Cisco Adaptive Security Appliance 9.10.1.37

9.10.1.37

Cisco Adaptive Security Appliance (ASA) 9.12.2.5

9.12.2.5

Cisco Adaptive Security Appliance (ASA) 9.12.2.9

9.12.2.9

Cisco Adaptive Security Appliance 9.12.3

9.12.3

Cisco Adaptive Security Appliance 9.12.3.7

9.12.3.7

Cisco Adaptive Security Appliance (ASA) 9.12.2.1

9.12.2.1

Cisco Adaptive Security Appliance (ASA) 9.13.1

9.13.1

Cisco Adaptive Security Appliance 9.13.1.2

9.13.1.2

Cisco Adaptive Security Appliance 9.13.1.7

9.13.1.7

Cisco Firepower Threat Defense 6.2.0

6.2.0

Cisco Firepower Threat Defense 6.1.0.2

6.1.0.2

Cisco Firepower Threat Defense 6.1.0

6.1.0

Cisco Firepower Threat Defense 6.2.2

6.2.2

Cisco Firepower Threat Defense 6.2.1

6.2.1

Cisco Firepower Threat Defense 6.2.3

6.2.3

Cisco Firepower Threat Defense 6.1.0.5

6.1.0.5

Cisco Firepower Threat Defense 6.2.0.2

6.2.0.2

Cisco Firepower Threat Defense (FTD) 6.2.3.1

6.2.3.1

Cisco Firepower Threat Defense 6.2.3.12

6.2.3.12

Cisco Firepower Threat Defense 6.2.3.13

6.2.3.13

Cisco Firepower Threat Defense (FTD) 6.2.3.14

6.2.3.14

Cisco Firepower Threat Defense (FTD) 6.2.3.15

6.2.3.15

Cisco Firepower Threat Defense 6.6.0

6.6.0

Cisco Firepower Threat Defense (FTD) 6.3.0

6.3.0

Cisco Firepower Threat Defense (FTD) 6.4.0

6.4.0

Cisco Firepower Threat Defense (FTD) 6.5.0

6.5.0

Cisco Firepower Threat Defense 6.1.0.1

6.1.0.1

Cisco Firepower Threat Defense 6.1.0.3

6.1.0.3

Cisco Firepower Threat Defense 6.1.0.4

6.1.0.4

Cisco Firepower Threat Defense 6.1.0.6

6.1.0.6

Cisco Firepower Threat Defense 6.1.0.7

6.1.0.7

Cisco Firepower Threat Defense 6.2.0.1

6.2.0.1

Cisco Firepower Threat Defense 6.2.0.3

6.2.0.3

Cisco Firepower Threat Defense 6.2.0.4

6.2.0.4

Cisco Firepower Threat Defense 6.2.2.1

6.2.2.1

Cisco Firepower Threat Defense (FTD) 6.2.2.2

6.2.2.2

Cisco Firepower Threat Defense 6.2.3.2

6.2.3.2

Cisco Firepower Threat Defense 6.2.3.3

6.2.3.3

Cisco Firepower Threat Defense 6.2.3.4

6.2.3.4

Cisco Firepower Threat Defense 6.2.3.5

6.2.3.5

Cisco Firepower Threat Defense (FTD) 6.2.2.3

6.2.2.3

Cisco Firepower Threat Defense 6.2.2.4

6.2.2.4

Cisco Firepower Threat Defense 6.2.0.5

6.2.0.5

Cisco Firepower Threat Defense 6.2.3.6

6.2.3.6

Cisco Firepower Threat Defense 6.2.2.5

6.2.2.5

Cisco Firepower Threat Defense 6.2.3.7

6.2.3.7

Cisco Firepower Threat Defense 6.2.3.10

6.2.3.10

Cisco Firepower Threat Defense 6.2.3.11

6.2.3.11

Cisco Firepower Threat Defense 6.2.3.9

6.2.3.9

Cisco Firepower Threat Defense (FTD) 6.2.3.16

6.2.3.16

Cisco Firepower Threat Defense 6.3.0.1

6.3.0.1

Cisco Firepower Threat Defense 6.3.0.2

6.3.0.2

Cisco Firepower Threat Defense 6.3.0.3

6.3.0.3

Cisco Firepower Threat Defense (FTD) 6.3.0.4

6.3.0.4

Cisco Firepower Threat Defense (FTD) 6.3.0.5

6.3.0.5

Cisco Firepower Threat Defense (FTD) 6.4.0.1

6.4.0.1

Cisco Firepower Threat Defense 6.4.0.3

6.4.0.3

Cisco Firepower Threat Defense (FTD) 6.4.0.2

6.4.0.2

Cisco Firepower Threat Defense (FTD) 6.4.0.4

6.4.0.4

Cisco Firepower Threat Defense (FTD) 6.4.0.5

6.4.0.5

Cisco Firepower Threat Defense (FTD) 6.4.0.6

6.4.0.6

Cisco Firepower Threat Defense (FTD) 6.4.0.7

6.4.0.7

Cisco Firepower Threat Defense (FTD) 6.4.0.8

6.4.0.8

Cisco Firepower Threat Defense 6.4.0.9

6.4.0.9

Cisco Firepower Threat Defense (FTD) 6.5.0.2

6.5.0.2

Cisco Firepower Threat Defense (FTD) 6.5.0.3

6.5.0.3

Cisco Firepower Threat Defense 6.5.0.5

6.5.0.5

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vp-authz-N2GckjN6

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vp-authz-N2GckjN6

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.