cvedb.io
CVE-2022-20829
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2022-06-24T16:15:08.580 · Last modified 2026-06-17T04:25:12.360

Summary

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machi

Affected products

cisco — isa_3000_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when cisco ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.