Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Physical
0

CVE-2022-20826

Disclosure Date: November 15, 2022
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality.

This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
6.8 Medium
Impact Score:
5.9
Exploitability Score:
0.9
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Physical
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • cisco

Products

  • adaptive security appliance software 9.17.1,
  • adaptive security appliance software 9.17.1.10,
  • adaptive security appliance software 9.17.1.13,
  • adaptive security appliance software 9.17.1.9,
  • adaptive security appliance software 9.18.1,
  • adaptive security appliance software 9.18.1.3,
  • firepower threat defense 7.1.0.0,
  • firepower threat defense 7.2.0.0,
  • firepower threat defense 7.2.0.1

Additional Info

Technical Analysis