Cisco, the network appliance giant, published an advisory on 3 May detailing a privilege escalation vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerability, tracked as CVE-2022-20759, is rated High with a CVSS score of 8.8 out of 10. It allows an authenticated but unprivileged remote attacker to elevate privileges to level 15 on a vulnerable device. Level 15 is full administrative access to the web management interface, and through it to the device itself, so fixing CVE-2022-20759 should be treated as a priority. Let's see how to fix CVE-2022-20759, a privilege escalation vulnerability in Cisco ASA and Cisco FTD.
Cisco ASA (Adaptive Security Appliance):
Cisco ASA is a security appliance family that provides stateful firewall and VPN capabilities, with models ranging from small branch-office units to large enterprise platforms. It is straightforward to deploy and manage, and offers a wide range of features to keep your network safe.
Cisco ASA features include:
Firewall protection
Intrusion prevention
Malware protection
Web, URL & Content filtering
Anti-spam
Email security
DLP
Cisco ASA also offers a number of advanced features, such as:
Site-to-site VPN
Remote access VPN
SSL VPN
VLAN
Traffic shaping and rate limiting
Application visibility and control
Whether you’re looking for basic security or advanced protection, Cisco ASA has the features you need to keep your business safe from online threats. So if you’re looking for a reliable and scalable security solution, be sure to consider Cisco ASA.
Cisco Firepower Threat Defense (FTD) is a unified software image, which bundles Cisco ASA with FirePOWER Services and Cisco’s Next-Generation Intrusion Prevention System (NGIPS). Cisco FTD provides comprehensive security capabilities that enable organisations to defend themselves against today’s advanced threats. Cisco FTD offers several key benefits, including:
Improved performance and scalability: Cisco FTD provides up to 5x better performance than the Cisco ASA, making it better equipped to handle today’s demanding traffic loads. In addition, Cisco FTD can be deployed in high availability (HA) configurations to provide even greater resilience.
Lower total cost of ownership: Cisco FTD consolidates multiple security functions into a single appliance, reducing complexity and management overhead. Cisco Next-Generation Firewall subscriptions are also available, enabling organisations to easily scale their security as their network grows.
Enhanced threat protection: Cisco FTD integrates Cisco Advanced Malware Protection (AMP) for Endpoints, Cisco Threat Grid intelligence services, and Cisco Umbrella cloud security solutions to provide comprehensive threat visibility, detection and prevention capabilities.
If you’re looking for improved security that can keep up with the demands of your network traffic, Cisco FTD is a great choice. With its advanced threat detection capabilities and streamlined platform architecture, Cisco FTD can help you stay ahead of evolving threats while lowering costs and increasing efficiency. To learn more about Cisco’s FTD offering, visit Cisco’s website today. Cisco Firepower Threat Defense is a great way to improve your organization’s security posture while red
This is a privilege escalation vulnerability in the web services interface of Cisco ASA and Cisco FTD Software. The flaw is due to improper separation of authentication and authorization scopes: the interface verifies who the caller is, but does not correctly enforce what that caller is allowed to do. An attacker could exploit it by sending crafted HTTPS messages to the web services interface of an affected device; no user interaction is required. A successful exploit allows an authenticated but unprivileged remote attacker to gain privilege level 15 access to the web management interface, which includes level 15 access to the device through management tools such as Cisco ASDM (Adaptive Security Device Manager) or Cisco CSM (Security Manager).
Attribute | Value |
---|---|
Associated CVE ID | CVE-2022-20759 |
Description | A privilege escalation vulnerability in the web services interface of Cisco ASA and Cisco FTD Software |
Associated ZDI ID | – |
CVSS Score | 8.8 High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Impact Score | 5.9 (derived from the vector) |
Exploitability Score | 2.8 (derived from the vector) |
Attack Vector (AV) | Network |
Attack Complexity (AC) | Low |
Privileges Required (PR) | Low |
User Interaction (UI) | None |
Scope (S) | Unchanged |
Confidentiality (C) | High |
Integrity (I) | High |
Availability (A) | High |
Cisco's advisory states that this vulnerability affects Cisco products running a vulnerable release of Cisco ASA or Cisco FTD Software when either of the following conditions holds:
HTTPS Management Access and IKEv2 Client Services are both enabled on at least one interface (not necessarily the same interface)
HTTPS Management Access and WebVPN are both enabled on at least one interface (not necessarily the same interface)
Do not assume these services are off. HTTPS management access for ASDM is part of the factory default configuration on many ASA platforms, and remote-access VPN deployments routinely enable WebVPN or IKEv2 client services on the outside interface. So it is necessary to verify the configuration and look at how to fix CVE-2022-20759, a privilege escalation vulnerability in Cisco ASA and Cisco FTD.
Cisco ASA Software releases 9.17 and earlier are affected by this flaw. On an important note, releases 9.7 and earlier, as well as 9.9, 9.10 and 9.13, have reached end of software maintenance and will not receive a fix. We recommend migrating these releases to a fixed release as soon as possible.
Cisco FTD Software releases 7.1.0 and earlier are affected by this flaw. On an important note, releases 6.2.2 and earlier, as well as 6.3.0 and 6.5.0, have reached end of software maintenance and will not receive a fix. We recommend migrating these releases to a fixed release as soon as possible.
Please see the more details about the affected versions in the ‘How to Fix’ section of this post.
Cisco says that Cisco Firepower Management Center (FMC) Software is not affected by this flaw, so FMC itself does not need to be patched for CVE-2022-20759 (the FTD devices it manages still do).
Whether a device meets the exposure conditions can be determined by checking the status of the HTTP server, IKEv2 client services, and the WebVPN configuration on the device.
Run this command to see the HTTP server status:
# show running-config http
asa# show running-config http
http server enable 8443
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
This command shows whether HTTPS management access is enabled and on which port; if `http server enable` appears without a port number, the default port 443 is in use. Each `http <network> <mask> <interface>` line permits management access from that network on that interface. In this example any source address (0.0.0.0 0.0.0.0) can reach the management interface on both inside and outside, which is a wider exposure than most deployments need regardless of this CVE. If no `http <network> <mask> <interface>` lines are present, HTTPS management access is not reachable from any interface.
Run this command to see the IKEv2 client service status:
# show running-config crypto ikev2 | include port
asa# show running-config crypto ikev2 | include port
crypto ikev2 enable outside client-services port 8443
This command shows the interface(s) on which IKEv2 client services are enabled, together with the port number (in this example, outside on port 8443). If there is no output, IKEv2 client services are disabled.
Run this command to see the WebVPN Configuration:
# show running-config all webvpn | include ^ port |^ enable
asa# show running-config all webvpn | include ^ port |^ enable
port 8443
enable outside
This command shows the WebVPN port and the interface(s) on which WebVPN is enabled (in this example, port 8443 on outside). If there is no `enable <interface>` line in the output, WebVPN is disabled.
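When you have many ASA or FTD devices, reading these three outputs by hand does not scale. The following is an added example, not code from Cisco or from the original post: a small Python triage script that parses captured output of the three checks above and reports whether the advisory's preconditions hold (HTTPS management enabled AND at least one of IKEv2 client services or WebVPN enabled). It also flags `http 0.0.0.0 0.0.0.0 <interface>` entries, which allow management logins from any source. The sample outputs embedded at the bottom are constructed for this example and mirror the ones shown above.

```python
"""Triage helper for the CVE-2022-20759 exposure conditions on Cisco ASA/FTD.

Added example, not from Cisco or the original post. It parses captured output of
the three `show running-config` checks from the advisory and reports whether the
preconditions hold: HTTPS management access is enabled AND at least one of
IKEv2 client services or WebVPN is enabled (on any interface, not necessarily
the same one). The sample outputs at the bottom are constructed for this example.
"""
import re

DEFAULT_PORT = 443  # ASA default for HTTPS management, WebVPN and IKEv2 client services


def parse_http(text):
    """Parse `show running-config http`.

    Returns (enabled, port, access) where access is a list of
    (network, mask, interface) tuples from `http <net> <mask> <iface>` lines.
    """
    enabled, port, access = False, DEFAULT_PORT, []
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"http server enable(?: (\d+))?", line)
        if m:
            enabled = True
            if m.group(1):
                port = int(m.group(1))
            continue
        m = re.fullmatch(r"http (\S+) (\S+) (\S+)", line)
        if m:
            access.append(m.groups())
    return enabled, port, access


def parse_ikev2(text):
    """Parse `show running-config crypto ikev2 | include port`.

    Returns {interface: port} for each interface with client-services enabled.
    """
    found = {}
    for line in text.splitlines():
        m = re.search(r"crypto ikev2 enable (\S+) client-services(?: port (\d+))?", line)
        if m:
            found[m.group(1)] = int(m.group(2) or DEFAULT_PORT)
    return found


def parse_webvpn(text):
    """Parse `show running-config all webvpn | include ^ port |^ enable`.

    Returns (port, [interfaces]); an empty interface list means WebVPN is off.
    """
    port, ifaces = DEFAULT_PORT, []
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"port (\d+)", line)
        if m:
            port = int(m.group(1))
        elif re.fullmatch(r"enable (\S+)", line):
            ifaces.append(line.split()[1])
    return port, ifaces


def assess(http_out, ikev2_out, webvpn_out):
    """Return (exposed, findings) for the advisory's two exposure conditions."""
    https_on, https_port, access = parse_http(http_out)
    ikev2 = parse_ikev2(ikev2_out)
    wv_port, wv_ifaces = parse_webvpn(webvpn_out)
    findings = []
    if https_on:
        findings.append(f"HTTPS management enabled on port {https_port}; access lines: {access}")
    # 0.0.0.0/0 entries permit ASDM/HTTPS logins from any source on that interface;
    # worth tightening regardless of this CVE.
    for net, mask, iface in access:
        if net == "0.0.0.0" and mask == "0.0.0.0":
            findings.append(f"HTTPS management reachable from ANY address on interface {iface}")
    if ikev2:
        findings.append(f"IKEv2 client services enabled: {ikev2}")
    if wv_ifaces:
        findings.append(f"WebVPN enabled on port {wv_port} on {wv_ifaces}")
    exposed = https_on and (bool(ikev2) or bool(wv_ifaces))
    findings.append("EXPOSED: CVE-2022-20759 preconditions are met" if exposed
                    else "Preconditions not met (still apply the fixed release)")
    return exposed, findings


# Constructed sample outputs mirroring the three checks (not from a real device).
SAMPLE_HTTP = """asa# show running-config http
http server enable 8443
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
"""
SAMPLE_IKEV2 = """asa# show running-config crypto ikev2 | include port
crypto ikev2 enable outside client-services port 8443
"""
SAMPLE_WEBVPN = """asa# show running-config all webvpn | include ^ port |^ enable
 port 8443
 enable outside
"""

if __name__ == "__main__":
    exposed, findings = assess(SAMPLE_HTTP, SAMPLE_IKEV2, SAMPLE_WEBVPN)
    print("\n".join(findings))
```

The parsers deliberately ignore the echoed prompt line, so you can paste the raw terminal capture straight in. A device is reported as exposed only when HTTPS management is on and at least one of the other two services is enabled; a device that fails the preconditions today still needs the fixed release, because a later VPN change can silently turn it into an exposed one.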
Cisco confirmed that there are no workarounds that address this vulnerability, but it has released free software updates that fix CVE-2022-20759. Refer to the two tables below for the vulnerable Cisco ASA and Cisco FTD Software releases and the first fixed release for each. Releases marked (1) have reached end of software maintenance and will not receive a fix; migrate them to a fixed release.
Cisco ASA Software:
Cisco ASA Software Release | First Fixed Release for This Vulnerability | First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories |
---|---|---|
9.7 and earlier (1) | Migrate to a fixed release. | Migrate to a fixed release. |
9.8 | 9.8.4.43 | Migrate to a fixed release. |
9.9 (1) | Migrate to a fixed release. | Migrate to a fixed release. |
9.10 (1) | Migrate to a fixed release. | Migrate to a fixed release. |
9.12 | 9.12.4.38 | 9.12.4.38 |
9.13 (1) | Migrate to a fixed release. | Migrate to a fixed release. |
9.14 | 9.14.4 | 9.14.4 |
9.15 | 9.15.1.21 | 9.15.1.21 |
9.16 | 9.16.2.13 | 9.16.2.14 |
9.17 | 9.17.1.7 | 9.17.7 |
(1) Release has reached end of software maintenance.
Cisco FTD Software:
Cisco FTD Software Release | First Fixed Release for This Vulnerability | First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories |
---|---|---|
6.2.2 and earlier (1) | Migrate to a fixed release. | Migrate to a fixed release. |
6.2.3 | Migrate to a fixed release. | Migrate to a fixed release. |
6.3.0 (1) | Migrate to a fixed release. | Migrate to a fixed release. |
6.4.0 | 6.4.0.15 (May 2022) | 6.4.0.15 (May 2022) |
6.5.0 (1) | Migrate to a fixed release. | Migrate to a fixed release. |
6.6.0 | 6.6.5.2 | 6.6.5.2 |
6.7.0 | Hotfix AA for 6.7.0.4: Cisco_FTD_Hotfix_AA-6.7.0.4-2.sh.REL.tar; Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2.sh.REL.tar; Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2.sh.REL.tar; Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2.sh.REL.tar | Migrate to a fixed release. |
7.0.0 | 7.0.2 (May 2022) | 7.0.2 (May 2022) |
7.1.0 | 7.1.0.1 | 7.1.0.1 |
(1) Release has reached end of software maintenance.
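Comparing a fleet's reported versions against a first-fixed table by eye is error-prone, because the fix is train-specific (9.16.2.13 is fixed, but 9.14.3.x is not, even though 9.16 is "newer"). The following is an added example, not code from Cisco or the original post: a Python helper that encodes the ASA table above (the "First Fixed Release for This Vulnerability" column), normalises the `9.16(2)10` notation that `show version` prints into dotted form, and classifies a release as fixed, vulnerable, migrate (end of software maintenance) or unlisted (newer than the advisory table, so confirm with Cisco). Only the ASA table is encoded; the FTD table is assumed to be handled the same way if you extend it.

```python
"""Version check against the first-fixed table for CVE-2022-20759 (Cisco ASA Software).

Added example, not from Cisco or the original post. FIRST_FIXED is transcribed
from the ASA table above; None stands for "Migrate to a fixed release." Only the
ASA table is encoded here; extend it for FTD if you track those devices.
"""
import re

FIRST_FIXED = {
    "9.8": "9.8.4.43",
    "9.9": None,
    "9.10": None,
    "9.12": "9.12.4.38",
    "9.13": None,
    "9.14": "9.14.4",
    "9.15": "9.15.1.21",
    "9.16": "9.16.2.13",
    "9.17": "9.17.1.7",
}
LAST_TRAIN_IN_TABLE = (9, 17)


def normalize(version):
    """Accept `show version` notation such as 9.16(2)10 and return dotted form 9.16.2.10."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)\)(\d+)?", version.strip())
    if m:
        parts = [m.group(1), m.group(2), m.group(3)] + ([m.group(4)] if m.group(4) else [])
        return ".".join(parts)
    return version.strip()


def as_tuple(version):
    """Turn a dotted (or parenthesised) release string into a comparable integer tuple."""
    v = normalize(version)
    if not re.fullmatch(r"\d+(\.\d+)+", v):
        raise ValueError(f"unrecognised ASA version string: {version!r}")
    return tuple(int(p) for p in v.split("."))


def status(version):
    """Return one of 'fixed', 'vulnerable', 'migrate', 'unlisted'.

    'migrate': train listed with no fix (end of software maintenance), older than
               9.8, or otherwise absent from the table.
    'unlisted': train newer than the advisory table (9.18+); confirm with Cisco
                before treating it as fixed.
    """
    parts = as_tuple(version)
    train = parts[:2]
    if train > LAST_TRAIN_IN_TABLE:
        return "unlisted"
    fixed = FIRST_FIXED.get(f"{train[0]}.{train[1]}")
    if fixed is None:
        return "migrate"
    # Tuple comparison treats a shorter prefix as smaller, so (9, 14, 4) >= (9, 14, 4)
    # is fixed while (9, 14, 3, 18) < (9, 14, 4) is vulnerable.
    return "fixed" if parts >= as_tuple(fixed) else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for v in ["9.16(2)10", "9.16.2.13", "9.14.3.18", "9.13.1.7", "9.8.4.43", "9.18.1"]:
        print(f"{v:12s} -> {status(v)}")
```

The check keys on the first two components of the release because every row in Cisco's table is a train, and the fix within a train is a strict lower bound: anything at or above the listed interim release on that train is fixed, anything below it is not, and an older train never counts as fixed just because a newer train has a fix.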
We hope this post helps you fix CVE-2022-20759, a privilege escalation vulnerability in Cisco ASA and Cisco FTD. Please share this post and help to secure the digital world.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.