CVE-2022-20928

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description A flaw in the authorization verifications during the VPN authentication flow could allow an unauthenticated, remote attacker to establish a connection as a different user. The attacker must have valid credentials to establish a VPN connection. This issue is due to a vulnerability in the authentication and authorization flows for VPN connections. An attacker could exploit this by sending a crafted packet during a VPN authentication, potentially allowing them to establish a VPN connection with access privileges from a different user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.