CVE-2022-20737

Cisco Adaptive Security Appliance Software Clientless SSL VPN Heap Overflow Vulnerability

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device. This vulnerability is due to insufficient bounds checking when parsing specific HTTP authentication messages. An attacker could exploit this vulnerability by sending malicious traffic to an affected device acting as a VPN Gateway. To send this malicious traffic, an attacker would need to control a web server that can be accessed through the Clientless SSL VPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition, or to retrieve bytes from the device process memory that may contain sensitive information.

Una vulnerabilidad en el administrador de la autenticación HTTP para los recursos a los que se accede a través del portal Clientless SSL VPN del software Cisco Adaptive Security Appliance (ASA) podría permitir a un atacante remoto autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado u obtuviera partes de la memoria del proceso de un dispositivo afectado. Esta vulnerabilidad es debido a una comprobación insuficiente de los límites cuando son analizados determinados mensajes de autenticación HTTP. Un atacante podría explotar esta vulnerabilidad mediante el envío de tráfico malicioso a un dispositivo afectado que actúe como puerta de enlace VPN. Para enviar este tráfico malicioso, un atacante necesitaría controlar un servidor web al que pueda accederse mediante el portal Clientless SSL VPN. Una explotación con éxito podría permitir al atacante causar la recarga del dispositivo, resultando en una condición DoS, o recuperar bytes de la memoria de proceso del dispositivo que podrían contener información confidencial

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-11-02 CVE Reserved
2022-05-03 CVE Published
2023-11-23 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-122: Heap-based Buffer Overflow
CWE-787: Out-of-bounds Write

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-heap-zLX3FdX	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				< 9.12.4.38 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " < 9.12.4.38"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.13.0 < 9.14.4 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.13.0 < 9.14.4"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.15.0 < 9.15.1.21 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.15.0 < 9.15.1.21"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.16.0 < 9.16.2.14 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.16.0 < 9.16.2.14"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 9.17.0 < 9.17.1.7 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 9.17.0 < 9.17.1.7"		-		Affected