PT-2021-7103 · Cisco · Cisco Security Manager and 3 other products
Published 2021-11-02 · Updated 2025-10-28 · CVE-2022-20759
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)
Description
A flaw exists in the web services interface of the remote access VPN features. The issue is caused by improper separation of authentication and authorization scopes, which may allow an authenticated but unprivileged remote attacker to elevate privileges to level 15. The attacker exploits it by sending specially crafted HTTPS messages to the web services interface of an affected device. Successful exploitation could grant the attacker level 15 access to the web management interface, including access through tools such as the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). For Cisco FTD Software, the impact is limited to read-only access to the web management interface. Recent data indicates that approximately 81,000 exploit attempts related to this issue, including login brute-force attempts, have been observed in the past 7 days. The exploitation involves sending crafted HTTPS messages to the "/api" endpoint; the vulnerable parameter is not explicitly mentioned.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Privilege Management
Incorrect Privilege Assignment
Affected Products
Cisco ASA
Cisco Adaptive Security Device Manager
Cisco FTD
Cisco Security Manager