Cisco has fixed a heap overflow vulnerability (CVE-2022-20737, 8.5 points on the CVSS 3.0 scale) in the Cisco Adaptive Security Appliance (ASA), discovered by Positive Technologies researcher Nikita Abramov. The vulnerability allows an authenticated attacker to cause a denial of service (DoS) condition on a vulnerable device or gain access to its memory, which may contain confidential information.
"If an attacker has access to the SSL VPN client remote access tool built into Cisco ASA, then he can use this tool to generate a special type of request and then send such requests to a site controlled by the attacker. A certain sequence of such requests can lead to leakage of the contents of the Cisco ASA memory, which, in turn, may contain confidential data, such as cookies or active user sessions, part of configuration data, user names and passwords, and much more. With the help of such information, you can, for example, get into another subnet or even access the admin panel. The vulnerability also allows you to cause a failure in the operation of the Cisco ASA, deactivating, in particular, the remote access tool for all users of the firewall," said Nikita Abramov.
This is not the first vulnerability in Cisco ASA that is dangerous for the corporate network. In May 2020, the number of devices accessible from the Internet and vulnerable to another flaw in Cisco ASA (CVE-2020-3187), which made it possible to disable the VPN in a minute or intercept a user ID to gain access to the internal network, was estimated at 220 thousand. Almost half of them were in the USA (47%), followed by the UK (6%), Germany and Canada (4% each), Japan and Russia (2% each).
A description of this vulnerability and ways to eliminate it were included in the regular semiannual bundle of Cisco security advisories dated April 27, 2022, concerning the security of Cisco ASA, FMC and FTD software. The bundle includes 17 advisories covering 19 vulnerabilities in Cisco ASA, FMC and FTD.
MaxPatrol VM, a new generation vulnerability management system, will help ensure continuous monitoring of vulnerabilities within the infrastructure.
Earlier, Nikita Abramov also helped eliminate the vulnerability CVE-2021-34704 in Cisco ASA and Cisco FTD (Firepower Threat Defense), which could lead to denial of service.
According to IDC data and a report by Forrester Research, Cisco occupies a leading position in the hardware firewall market. According to the company, there are more than 1 million of its security devices in use around the world.