CVE-2022-20928

Vulnerability

A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This flaw exists in the authorization verifications during the VPN authentication flow and affects multiple releases of both Cisco ASA and FTD Software [1].

Exploitation

An attacker must have valid credentials to establish a VPN connection but can exploit the flaw by sending a crafted packet during the VPN authentication sequence. The exploitation requires network access to the vulnerable device and no prior authentication beyond the valid credentials, as the issue lies in the authorization step after successful credential verification [1].

Impact

A successful exploit allows the attacker to establish a VPN connection with access privileges from a different user, effectively bypassing the intended authorization controls. This could lead to unauthorized access to internal network resources and information disclosure, depending on the privileges of the impersonated user [1].

Mitigation

Cisco has released software updates to address this vulnerability. Customers are advised to consult the Cisco Software Checker tool to determine their exposure and identify the earliest fixed release for their software version. No workarounds are available, and users should upgrade to a patched release as indicated in the Cisco Security Advisory [1].