How To Fix CVE-2022-20759- A Privilege Escalation Vulnerability In Cisco ASA And Cisco FTD

The network appliances manufacturer giant Cisco published an advisory on 3rd May in which Cisco detailed a privilege escalation vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD). The vulnerability tracked as CVE-2022-20759 is a high severity vulnerability with a CVSS score of 8.8 out of 10. The flaw allows an authenticated, but unprivileged, remote attacker to elevate privileges to level 15 on the vulnerable devices. Since this flaw allow the attacker to gain privilege level 15 access to the web management interface of the affected devices. It is important to fix the CVE-2022-20759 vulnerability. Let’s see how to fix CVE-2022-20759, a privilege escalation vulnerability in Cisco ASA and Cisco FTD.

Table of Contents

About Cisco ASA And Cisco FTD:

Cisco ASA (Adaptive Security Appliance):

Cisco ASA is a security device that provides firewall and VPN capabilities for small to medium sized businesses. It is easy to deploy and manage, and offers a wide range of features to keep your network safe. Cisco ASA is a cost-effective way to protect your business from online threats.

Cisco ASA features include:

Firewall protection
Intrusion prevention
Malware protection
Web, URL & Content filtering
Anti-spam
Email security
DLP

Cisco ASA also offers a number of advanced features, such as:

Site-to-site VPN
Remote access VPN
SSL VPN
VLAN
Traffic shaping and rate limiting
Application visibility and control

Whether you’re looking for basic security or advanced protection, Cisco ASA has the features you need to keep your business safe from online threats. So if you’re looking for a reliable and scalable security solution, be sure to consider Cisco ASA.

Cisco Firepower Threat Defense (FTD) is a unified software image, which bundles Cisco ASA with FirePOWER Services and Cisco’s Next-Generation Intrusion Prevention System (NGIPS). Cisco FTD provides comprehensive security capabilities that enable organisations to defend themselves against today’s advanced threats. Cisco FTD offers several key benefits, including:

Improved performance and scalability: Cisco FTD provides up to 5x better performance than the Cisco ASA, making it better equipped to handle today’s demanding traffic loads. In addition, Cisco FTD can be deployed in high availability (HA) configurations to provide even greater resilience.
Lower total cost of ownership: Cisco FTD consolidates multiple security functions into a single appliance, reducing complexity and management overhead. Cisco Next-Generation Firewall subscriptions are also available, enabling organisations to easily scale their security as their network grows.
Enhanced threat protection: Cisco FTD integrates Cisco Advanced Malware Protection (AMP) for Endpoints, Cisco Threat Grid intelligence services, and Cisco Umbrella cloud security solutions to provide comprehensive threat visibility, detection and prevention capabilities.

If you’re looking for improved security that can keep up with the demands of your network traffic, Cisco FTD is a great choice. With its advanced threat detection capabilities and streamlined platform architecture, Cisco FTD can help you stay ahead of evolving threats while lowering costs and increasing efficiency. To learn more about Cisco’s FTD offering, visit Cisco’s website today. Cisco Firepower Threat Defense is a great way to improve your organization’s security posture while red

Summary Of CVE-2022-20759:

This is a privilege escalation vulnerability in Cisco ASA and Cisco FTD software. This flaw is due to improper separation of authentication and authorization scopes. This vulnerability could allow attackers to exploit just by sending crafted HTTPS messages to the web management interface of an affected device. The flaw allows an authenticated, but unprivileged, remote attacker to elevate privileges to level 15 on the vulnerable devices using management tools like the Cisco ASDM (Adaptive Security Device Manager) or the Cisco CSM (Security Manager).

Associated CVE ID	CVE-2022-20759
Description	A Privilege Escalation Vulnerability in Cisco ASA and Cisco FTD
Associated ZDI ID	–
CVSS Score	8.8 High
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score	–
Exploitability Score	–
Attack Vector (AV)	Network
Attack Complexity (AC)	Low
Privilege Required (PR)	Low
User Interaction (UI)	None
Scope	Unchanged
Confidentiality (C)	High
Integrity (I)	High
availability (a)	High

Products Affected By CVE-2022-20714:

Cisco advisory says that this vulnerability affects the products that runs a vulnerable version of Cisco ASA or Cisco FTD Software with these conditions.

HTTPS Management Access and IKEv2 Client Services are both enabled on at least one (not necessarily the same) interface
HTTPS Management Access and WebVPN are both enabled on at least one (not necessarily the same) interface

These services were enabled as part of their default configuration. So it is necessary to look at how to fix CVE-2022-20759, a privilege escalation vulnerability in Cisco ASA and Cisco FTD.

Most of the Cisco ASA software v 9.17 and earlier are prone to this flaw. On an important note, v9.9, 9.10, and 9.13 have reached end of support. We recommend upgrading these versions to the fixed versions as soon as possible.

Most of the Cisco FMC and FTD software v7.1.0 and earlier are prone to this flaw. On an important note, v6.3.0 and 6.5.0 have reached end of support. We recommend upgrading these versions to the fixed versions as soon as possible.

Please see the more details about the affected versions in the ‘How to Fix’ section of this post.

Products Safe From CVE-2022-20759:

Cisco says that Cisco FMC software is safe from this flaw. It is need not to worry about Cisco Firepower Management Center (FMC).

How To Determine Your Device Is Vulnerable TRun this command to see the IKEv2 client service status:o CVE-2022-20759?

It can be easily determine by checking the status on HTTP server,IKEv2 Client Services, and the WebVPN Configuration on the devices.

How to check the HTTP Server Status?

Run this command to see the HTTP server status:

# show running-config http

asa# show running-config http          
http server enable 8443
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside

This command shows weather HTTPS management access is enabled on the inside and outside interface with ACL rules and access port number.

If there is no port number, the default value is 443. If no ACL rules displayed, then ACLs are concluded disabled.

How to check the IKEv2 Client Service Status?

Run this command to see the IKEv2 client service status:
# show running-config crypto ikev2 | include port

asa# show running-config crypto ikev2 | include port
crypto ikev2 enable outside client-services port 8443

This command shows weather the IKEv2 client service status is enabled on the inside and outside interface with port number. If there is no output, then the IKEv2 client service is disabled.

How to check the WebVPN Configuration?

Run this command to see the WebVPN Configuration:
# show running-config all webvpn | include ^ port |^ enable

asa# show running-config all webvpn | include ^ port |^ enable
 port 8443
 enable outside

This command shows weather the WebVPN Configuration is enabled on the inside and outside interface with port number. If there is no output, then the WebVPN is disabled.