Vulnerability in Cisco ASA could lead to penetration of internal network

Cisco has released a software update to fix this vulnerability

Cisco has patched a heap overflow vulnerability [1] (CVE-2022-20737, CVSS 3.0 score of 8.5) in Cisco Adaptive Security Appliance (ASA) [2] found by Positive Technologies researcher Nikita Abramov. The vulnerability allows an authenticated attacker to cause a denial-of-service (DoS) condition on a vulnerable device or gain access to its memory, which may contain sensitive information.

"If an attacker has access to the SSL VPN client remote access tool built into Cisco ASA, they can use this tool to generate special requests and send them to a cybercriminal-controlled site. A certain sequence of such requests can cause the contents of the Cisco ASA memory to leak, and this, in turn, can contain sensitive data, such as cookies or active user sessions, various configuration data, usernames, passwords, and much else besides. Such information can be used, for example, to get inside another subnet or even gain access to the admin panel. The vulnerability can also cause Cisco ASA to fail by deactivating the remote access tool for all users of the firewall," said Nikita Abramov.

This is not the first vulnerability in Cisco ASA that poses a risk to the corporate network. In May 2020, the number of Internet-facing devices vulnerable to another Cisco ASA bug (CVE-2020-3187), which could be used to disable VPNs or intercept user IDs for access to the internal network, was estimated at 220,000. Almost half of them were in the U.S. (47%), followed by Britain (6%), Germany and Canada (4% each), and Japan and Russia (2% each).

There are no compensatory measures for CVE-2022-20737 other than installing the update. The vulnerability and its fix are covered in Cisco's April 27, 2022 six-monthly security advisory for Cisco ASA, FMC, and FTD software. The advisory includes 17 recommendations for 19 vulnerabilities in Cisco ASA, FMC, and FTD.

MaxPatrol VM, a new-generation vulnerability management system, will ensure continuous monitoring of vulnerabilities within the infrastructure.

Previously, Nikita Abramov also helped fix the CVE-2021-34704 vulnerability in Cisco ASA and Cisco FTD (Firepower Threat Defense), which threatened a denial of service.

According to IDC and Forrester Research, Cisco leads the hardware firewall market. The company itself reports that more than 1 million of its security devices are in operation worldwide.

  1. The heap is an area of process memory used to store dynamic variables. A buffer overflow in a heap data area is called a heap overflow.
  2. Cisco ASA is a series of hardware firewalls developed by Cisco Systems. They are the successors of the Cisco PIX firewalls, the Cisco IPS 4200 intrusion prevention systems, and the Cisco VPN 3000 VPN concentrators. Just like PIX, ASA technology is based on x86 processors.