How to Fix CVE-2022-20759- A Privilege Escalation Vulnerability in Cisco ASA and Cisco FTD

Cisco, the network appliance manufacturer, published an advisory on 3rd May detailing a privilege escalation vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerability, tracked as CVE-2022-20759, is rated high severity with a CVSS score of 8.8 out of 10. The flaw allows an authenticated but unprivileged remote attacker to elevate privileges to level 15 on vulnerable devices. Since the flaw gives the attacker privilege level 15 access to the web management interface of the affected devices, it is important to fix CVE-2022-20759. Let’s see how to fix CVE-2022-20759, a privilege escalation vulnerability in Cisco ASA and Cisco FTD.

About Cisco ASA And Cisco FTD:

Cisco ASA (Adaptive Security Appliance):

Cisco ASA is a security device that provides firewall and VPN capabilities for small to medium-sized businesses. It is easy to deploy and manage, and offers a wide range of features to keep your network safe. Cisco ASA is a cost-effective way to protect your business from online threats.

Cisco ASA features include:

  • Firewall protection
  • Intrusion prevention
  • Malware protection
  • Web, URL & Content filtering
  • Anti-spam
  • Email security
  • DLP

Cisco ASA also offers a number of advanced features, such as:

  • Site-to-site VPN
  • Remote access VPN
  • SSL VPN
  • VLAN
  • Traffic shaping and rate limiting
  • Application visibility and control

Whether you’re looking for basic security or advanced protection, Cisco ASA has the features you need to keep your business safe from online threats. So if you’re looking for a reliable and scalable security solution, be sure to consider Cisco ASA.

Cisco Firepower Threat Defense (FTD) is a unified software image, which bundles Cisco ASA with FirePOWER Services and Cisco’s Next-Generation Intrusion Prevention System (NGIPS). Cisco FTD provides comprehensive security capabilities that enable organisations to defend themselves against today’s advanced threats. Cisco FTD offers several key benefits, including:

  • Improved performance and scalability: Cisco FTD provides up to 5x better performance than the Cisco ASA, making it better equipped to handle today’s demanding traffic loads. In addition, Cisco FTD can be deployed in high availability (HA) configurations to provide even greater resilience.
  • Lower total cost of ownership: Cisco FTD consolidates multiple security functions into a single appliance, reducing complexity and management overhead. Cisco Next-Generation Firewall subscriptions are also available, enabling organisations to easily scale their security as their network grows.
  • Enhanced threat protection: Cisco FTD integrates Cisco Advanced Malware Protection (AMP) for Endpoints, Cisco Threat Grid intelligence services, and Cisco Umbrella cloud security solutions to provide comprehensive threat visibility, detection and prevention capabilities.

If you’re looking for improved security that can keep up with the demands of your network traffic, Cisco FTD is a great choice. With its advanced threat detection capabilities and streamlined platform architecture, Cisco FTD can help you stay ahead of evolving threats while lowering costs and increasing efficiency. To learn more about Cisco’s FTD offering, visit Cisco’s website today. Cisco Firepower Threat Defense is a great way to improve your organization’s security posture while red

Summary Of CVE-2022-20759:

This is a privilege escalation vulnerability in Cisco ASA and Cisco FTD software, caused by improper separation of authentication and authorization scopes. An attacker could exploit it simply by sending crafted HTTPS messages to the web management interface of an affected device. The flaw allows an authenticated but unprivileged remote attacker to elevate privileges to level 15 on vulnerable devices, including level 15 access through management tools like Cisco ASDM (Adaptive Security Device Manager) or Cisco CSM (Security Manager).

Associated CVE ID: CVE-2022-20759
Description: A Privilege Escalation Vulnerability in Cisco ASA and Cisco FTD
Associated ZDI ID:
CVSS Score: 8.8 High
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score:
Exploitability Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilege Required (PR): Low
User Interaction (UI): None
Scope: Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Products Affected By CVE-2022-20759:

Cisco’s advisory says that this vulnerability affects products running a vulnerable release of Cisco ASA or Cisco FTD Software when either of these conditions is met:

  • HTTPS Management Access and IKEv2 Client Services are both enabled on at least one (not necessarily the same) interface
  • HTTPS Management Access and WebVPN are both enabled on at least one (not necessarily the same) interface

These services are enabled as part of the default configuration, so it is necessary to look at how to fix CVE-2022-20759, a privilege escalation vulnerability in Cisco ASA and Cisco FTD.

Most Cisco ASA Software releases 9.17 and earlier are prone to this flaw. Note that releases 9.9, 9.10, and 9.13 have reached end of support. We recommend upgrading these versions to the fixed versions as soon as possible.

Most Cisco FMC and FTD Software releases 7.1.0 and earlier are prone to this flaw. Note that releases 6.3.0 and 6.5.0 have reached end of support. We recommend upgrading these versions to the fixed versions as soon as possible.

Please see more details about the affected versions in the ‘How to Fix’ section of this post.

Products Safe From CVE-2022-20759:

Cisco says that Cisco Firepower Management Center (FMC) software is not affected by this flaw, so there is no need to worry about FMC.

How To Determine If Your Device Is Vulnerable To CVE-2022-20759?

This can be determined easily by checking the status of the HTTP server, the IKEv2 client services, and the WebVPN configuration on the device.

How to check the HTTP Server Status?

Run this command to see the HTTP server status:

# show running-config http

asa# show running-config http
http server enable 8443
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside

This output shows whether HTTPS management access is enabled, on which interfaces (here inside and outside), with the ACL rules that permit access and the access port number.

If no port number is shown, the default value is 443. If no ACL rules are displayed, ACLs are considered disabled.

How to check the IKEv2 Client Service Status?

Run this command to see the IKEv2 client service status:
# show running-config crypto ikev2 | include port

asa# show running-config crypto ikev2 | include port
crypto ikev2 enable outside client-services port 8443

This output shows whether the IKEv2 client services are enabled, on which interface (here outside) and on which port. If there is no output, the IKEv2 client services are disabled.

How to check the WebVPN Configuration?

Run this command to see the WebVPN Configuration:
# show running-config all webvpn | include ^ port |^ enable

asa# show running-config all webvpn | include ^ port |^ enable
 port 8443
 enable outside

This output shows whether WebVPN is enabled, on which interface (here outside) and on which port. If there is no output, WebVPN is disabled.

How To Fix CVE-2022-20759- A Privilege Escalation Vulnerability In Cisco ASA And Cisco FTD?

Cisco confirmed that there is no workaround for this flaw, but it has released free software updates that fix CVE-2022-20759. Please refer to these two tables to see the vulnerable versions of Cisco ASA and Cisco FTD software with the recommended fixes.

Cisco ASA Software:

Cisco ASA Software Release | First Fixed Release for This Vulnerability | First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories
9.7 and earlier¹           | Migrate to a fixed release.                | Migrate to a fixed release.
9.8                        | 9.8.4.43                                   | Migrate to a fixed release.
9.9¹                       | Migrate to a fixed release.                | Migrate to a fixed release.
9.10¹                      | Migrate to a fixed release.                | Migrate to a fixed release.
9.12                       | 9.12.4.38                                  | 9.12.4.38
9.13¹                      | Migrate to a fixed release.                | Migrate to a fixed release.
9.14                       | 9.14.4                                     | 9.14.4
9.15                       | 9.15.1.21                                  | 9.15.1.21
9.16                       | 9.16.2.13                                  | 9.16.2.14
9.17                       | 9.17.1.7                                   | 9.17.7

Cisco FTD Software:

Cisco FTD Software Release | First Fixed Release for This Vulnerability | First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories
6.2.2 and earlier¹         | Migrate to a fixed release.                | Migrate to a fixed release.
6.2.3                      | Migrate to a fixed release.                | Migrate to a fixed release.
6.3.0¹                     | Migrate to a fixed release.                | Migrate to a fixed release.
6.4.0                      | 6.4.0.15 (May 2022)                        | 6.4.0.15 (May 2022)
6.5.0¹                     | Migrate to a fixed release.                | Migrate to a fixed release.
6.6.0                      | 6.6.5.2                                    | 6.6.5.2
6.7.0                      | Cisco_FTD_Hotfix_AA-6.7.0.4-2.sh.REL.tar   | Migrate to a fixed release.
                           | Cisco_FTD_SSP_FP1K_Hotfix_AA-6.7.0.4-2.sh.REL.tar |
                           | Cisco_FTD_SSP_FP2K_Hotfix_AA-6.7.0.4-2.sh.REL.tar |
                           | Cisco_FTD_SSP_Hotfix_AA-6.7.0.4-2.sh.REL.tar |
7.0.0                      | 7.0.2 (May 2022)                           | 7.0.2 (May 2022)
7.1.0                      | 7.1.0.1                                    | 7.1.0.1
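To tie the three configuration checks to the ASA fix table, here is an added example (not from the original post or from Cisco) that parses captured output of the three show commands, applies both exposure conditions, and compares a running ASA version against the first fixed release for its train. The sample output is constructed, dotted version notation is assumed, and FTD releases are not handled.

```python
"""Added example (not from the original post or Cisco): triage an ASA device for
CVE-2022-20759 from captured 'show' output and its running software version."""
import re

# Constructed sample output, modelled on the three checks shown in the post.
HTTP_OUT = "http server enable 8443\nhttp 0.0.0.0 0.0.0.0 inside\nhttp 0.0.0.0 0.0.0.0 outside"
IKEV2_OUT = "crypto ikev2 enable outside client-services port 8443"
WEBVPN_OUT = " port 8443\n enable outside"

# First fixed ASA release per train, taken from the ASA table in the post.
# Trains in MIGRATE_TRAINS (and 9.7 and earlier) have no fix: migrate instead.
FIRST_FIXED = {"9.8": "9.8.4.43", "9.12": "9.12.4.38", "9.14": "9.14.4",
               "9.15": "9.15.1.21", "9.16": "9.16.2.13", "9.17": "9.17.1.7"}
MIGRATE_TRAINS = {"9.9", "9.10", "9.13"}

def https_mgmt_enabled(http_out: str) -> bool:
    """'http server enable' plus at least one IPv4 'http <ip> <mask> <iface>' rule."""
    server_on = re.search(r"^http server enable", http_out, re.M) is not None
    rules = re.findall(r"^http (?!server\b|redirect\b)\S+ \S+ \S+", http_out, re.M)
    return server_on and bool(rules)

def ikev2_client_services_enabled(ikev2_out: str) -> bool:
    """Any 'crypto ikev2 enable <iface> client-services' line means enabled."""
    return re.search(r"^crypto ikev2 enable \S+ client-services", ikev2_out, re.M) is not None

def webvpn_enabled(webvpn_out: str) -> bool:
    """An ' enable <iface>' line inside the webvpn block means WebVPN is on."""
    return re.search(r"^\s*enable \S+", webvpn_out, re.M) is not None

def config_exposed(http_out: str, ikev2_out: str, webvpn_out: str) -> bool:
    """Either advisory condition: HTTPS management access together with IKEv2
    client services, or with WebVPN; the interfaces need not be the same."""
    return https_mgmt_enabled(http_out) and (
        ikev2_client_services_enabled(ikev2_out) or webvpn_enabled(webvpn_out))

def _ver(v: str) -> tuple:
    """Dotted version string to a comparable tuple of ints, e.g. '9.16.2.7'."""
    return tuple(int(p) for p in v.split("."))

def asa_fix_status(version: str) -> str:
    """Return 'fixed', 'upgrade to <release>', 'migrate' or 'unknown train'."""
    train = ".".join(version.split(".")[:2])
    if train in MIGRATE_TRAINS or _ver(train) <= (9, 7):
        return "migrate"
    fixed = FIRST_FIXED.get(train)
    if fixed is None:
        return "unknown train"
    return "fixed" if _ver(version) >= _ver(fixed) else f"upgrade to {fixed}"
```

A device is at risk only when config_exposed() is true and asa_fix_status() is not "fixed"; with the constructed sample, an ASA running 9.16.2.7 is exposed and should be upgraded to 9.16.2.13.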

We hope this post has helped you understand how to fix CVE-2022-20759, a privilege escalation vulnerability in Cisco ASA and Cisco FTD. Please share this post and help to secure the digital world. Visit our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, and Medium, and subscribe to receive updates like this.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional, Founder of “thesecmaster.com”, Enthusiast, Security Blogger, Technical Writer, Editor, and Author at TheSecMaster. To know more about me, follow me on LinkedIn.
