{"containers": {"cna": {"affected": [{"product": "Cisco FirePOWER Services Software for ASA", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2022-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-236", "description": "CWE-236", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-05T16:06:12", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"}, {"tags": ["x_refsource_MISC"], "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"}], "source": {"advisory": "cisco-sa-asasfr-cmd-inject-PE4GfdG", "defect": [["CSCwb32418"]], "discovery": "INTERNAL"}, "title": "Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-06-22T23:00:00", "ID": "CVE-2022-20828", "STATE": "PUBLIC", "TITLE": "Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco FirePOWER Services Software for ASA", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."}]}, "exploit": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "6.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-236"}]}]}, "references": {"reference_data": [{"name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"}, {"name": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/", "refsource": "MISC", "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"}, {"name": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"}]}, "source": {"advisory": "cisco-sa-asasfr-cmd-inject-PE4GfdG", "defect": [["CSCwb32418"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:24:50.067Z"}, "title": "CVE Program Container", "references": [{"name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-01T18:42:47.498802Z", "id": "CVE-2022-20828", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-01T19:00:55.956Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20828", "datePublished": "2022-06-24T15:25:16.277268Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-01T19:00:55.956Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG", "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}, {"url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:24:50.067Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-20828", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-01T18:42:47.498802Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-01T18:42:58.167Z"}}], "cna": {"title": "Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability", "source": {"defect": [["CSCwb32418"]], "advisory": "cisco-sa-asasfr-cmd-inject-PE4GfdG", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco FirePOWER Services Software for ASA", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2022-06-22T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG", "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}, {"url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/", "tags": ["x_refsource_MISC"]}, {"url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-236", "description": "CWE-236"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2022-09-05T16:06:12"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "6.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}}, "source": {"defect": [["CSCwb32418"]], "advisory": "cisco-sa-asasfr-cmd-inject-PE4GfdG", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco FirePOWER Services Software for ASA"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG", "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability", "refsource": "CISCO"}, {"url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/", "name": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/", "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html", "name": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-236"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-20828", "STATE": "PUBLIC", "TITLE": "Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-06-22T23:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2022-20828", "state": "PUBLISHED", "dateUpdated": "2024-11-01T19:00:55.956Z", "dateReserved": "2021-11-02T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2022-06-24T15:25:16.277268Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*", "matchCriteriaId": "2948FC9B-05A4-4E9B-9FE2-A4941CC94DD9", "versionEndExcluding": "6.2.3.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DF32EC7-CC7E-46F5-9D1E-E0EE461261A7", "versionEndExcluding": "6.4.0.15", "versionStartIncluding": "6.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*", "matchCriteriaId": "03F7B0B9-A618-4E8D-A767-A209A1FA0A5D", "versionEndExcluding": "6.6.7", "versionStartIncluding": "6.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:asa_firepower:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D71271D-11C6-4F43-91EE-85D4419C9C8F", "versionEndExcluding": "7.0.2.1", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFE3880-4B85-4E23-9836-70875D5109F7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*", "matchCriteriaId": "727A02E8-40A1-4DFE-A3A2-91D628D3044F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*", "matchCriteriaId": "19F6546E-28F4-40DC-97D6-E0E023FE939B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*", "matchCriteriaId": "957D64EB-D60E-4775-B9A8-B21CA48ED3B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*", "matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*", "matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*", "matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*", "matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*", "matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", "matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_management_center:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C29140C-1C4C-48DD-BED4-1FA0BFDC565D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:firepower_management_center_virtual_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B4F454C-D675-426F-961F-3A85BBF4AD4A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."}, {"lang": "es", "value": "Una vulnerabilidad en el analizador de la CLI del software Cisco FirePOWER para el m\u00f3dulo FirePOWER de Adaptive Security Appliance (ASA) podr\u00eda permitir a un atacante remoto autenticado ejecutar comandos arbitrarios en el sistema operativo subyacente de un m\u00f3dulo ASA FirePOWER afectado como usuario root. Esta vulnerabilidad es debido al manejo inapropiado de par\u00e1metros de comando no definidos. Un atacante podr\u00eda aprovechar esta vulnerabilidad usando un comando dise\u00f1ado en la CLI o enviando una petici\u00f3n HTTPS dise\u00f1ada a la interfaz de administraci\u00f3n basada en web del Cisco ASA que aloja el m\u00f3dulo ASA FirePOWER. Nota: Para aprovechar esta vulnerabilidad, el atacante debe tener acceso administrativo al Cisco ASA. Es esperado que un usuario que tenga acceso administrativo a un determinado Cisco ASA tambi\u00e9n tenga acceso administrativo al m\u00f3dulo ASA FirePOWER que est\u00e1 alojado en ese Cisco ASA"}], "id": "CVE-2022-20828", "lastModified": "2024-11-21T06:43:38.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-24T16:15:08.523", "references": [{"source": "ykramarz@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"}, {"source": "ykramarz@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-236"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}