Rewterz Threat Advisory – CVE-2022-41800 – F5 BIG-IP Vulnerability
November 18, 2022Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
November 18, 2022Rewterz Threat Advisory – CVE-2022-41800 – F5 BIG-IP Vulnerability
November 18, 2022Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
November 18, 2022Severity
Medium
Analysis Summary
CVE-2022-20928
Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a remote attacker to bypass security restrictions, caused by an error in the authorization verifications during the VPN authentication flow. By sending a specially-crafted packet during a VPN authentication, an attacker could exploit this vulnerability to establish a VPN connection with access privileges from a different user.
Impact
Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-20928
Affected Vendors
Cisco
Affected Products
- Cisco Adaptive Security Appliance
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.