CVE-2022-20826 MEDIUM

CVE-2022-20826

Vendor Cisco
Product Cisco Adaptive Security Appliance (ASA) Software
Weakness CWE-501
Published November 10, 2022
Last update August 3, 2024

CVSS base score

6.4/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust.

Key dates

02Disclosure timeline

November 10, 2022 CVE published
August 3, 2024 Record updated