Details of VAR-202201-0872

ID

VAR-202201-0872

CVE

CVE-2022-20651

TITLE

Cisco Adaptive Security Device Manager Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2022-014684

DESCRIPTION

A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device

Trust: 1.8

sources: NVD: CVE-2022-20651 // JVNDB: JVNDB-2022-014684 // VULHUB: VHN-405204 // VULMON: CVE-2022-20651

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security device manager	scope:	gte	version:	7.15.1	Trust: 1.0
vendor:	cisco	model:	adaptive security device manager	scope:	lt	version:	7.17.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco adaptive security device manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco adaptive security device manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-014684 // NVD: CVE-2022-20651

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20651
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20651
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20651
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202201-997
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-405204
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-20651
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-20651
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405204
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20651
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20651
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405204 // VULMON: CVE-2022-20651 // JVNDB: JVNDB-2022-014684 // CNNVD: CNNVD-202201-997 // NVD: CVE-2022-20651 // NVD: CVE-2022-20651

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.1
problemtype:	Information leakage from log files (CWE-532) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405204 // JVNDB: JVNDB-2022-014684 // NVD: CVE-2022-20651

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-997

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202201-997

PATCH

title:	cisco-sa-asdm-logging-jnLOY422	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-logging-jnLOY422	Trust: 0.8
title:	Cisco Adaptive Security Device Manager Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177786	Trust: 0.6
title:	Cisco: Cisco Adaptive Security Device Manager Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asdm-logging-jnLOY422	Trust: 0.1
title:	Cisco ASA Research	url:	https://github.com/jbaines-r7/cisco_asa_research	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20651 // JVNDB: JVNDB-2022-014684 // CNNVD: CNNVD-202201-997

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20651	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-014684	Trust: 0.8
db:	CNNVD	id:	CNNVD-202201-997	Trust: 0.7
db:	CS-HELP	id:	SB2022012416	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0132	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0132.2	Trust: 0.6
db:	VULHUB	id:	VHN-405204	Trust: 0.1
db:	VULMON	id:	CVE-2022-20651	Trust: 0.1

sources: VULHUB: VHN-405204 // VULMON: CVE-2022-20651 // JVNDB: JVNDB-2022-014684 // CNNVD: CNNVD-202201-997 // NVD: CVE-2022-20651

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asdm-logging-jnloy422	Trust: 2.5
url:	https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20651	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.0132	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012416	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0132.2	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20651/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/532.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/jbaines-r7/cisco_asa_research	Trust: 0.1

sources: VULHUB: VHN-405204 // VULMON: CVE-2022-20651 // JVNDB: JVNDB-2022-014684 // CNNVD: CNNVD-202201-997 // NVD: CVE-2022-20651

SOURCES

db:	VULHUB	id:	VHN-405204
db:	VULMON	id:	CVE-2022-20651
db:	JVNDB	id:	JVNDB-2022-014684
db:	CNNVD	id:	CNNVD-202201-997
db:	NVD	id:	CVE-2022-20651

LAST UPDATE DATE

2024-08-14T15:01:09.820000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405204	date:	2022-08-19T00:00:00
db:	VULMON	id:	CVE-2022-20651	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-014684	date:	2023-09-21T04:35:00
db:	CNNVD	id:	CNNVD-202201-997	date:	2022-08-17T00:00:00
db:	NVD	id:	CVE-2022-20651	date:	2023-11-07T03:42:32.200

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405204	date:	2022-06-22T00:00:00
db:	VULMON	id:	CVE-2022-20651	date:	2022-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2022-014684	date:	2023-09-21T00:00:00
db:	CNNVD	id:	CNNVD-202201-997	date:	2022-01-12T00:00:00
db:	NVD	id:	CVE-2022-20651	date:	2022-06-22T14:15:07.877