CVE-2022-22948

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2022-22948 is a vulnerability discovered in the software component of Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products. The flaw could allow an attacker to bypass security controls and gain unauthorized access to sensitive information. This vulnerability was assigned a CVSS score of 9.8 out of 10, indicating its criticality. The vulnerability was discovered by researchers at NCC Group who reported it to Cisco on March 31, 2022. Cisco acknowledged the vulnerability and released a security advisory on May 11, 2022. The advisory stated that the vulnerability affects all ASA and FTD software versions prior to 9.14.4. Cisco also released a patch to address the issue, advising customers to update their software to the latest available version as soon as possible. Organizations using affected versions of Cisco's ASA and FTD products should apply the patch immediately to avoid falling victim to potential attacks exploiting this vulnerability. Attackers may use this vulnerability to gain unauthorized access to sensitive information, including confidential data and personally identifiable information. It is essential for organizations to monitor their systems for any suspicious activity and ensure that all software is regularly updated to protect against such vulnerabilities.
What's your take? (Question 1 of 0)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Unc3886Unspecified
1
UNC3886 is a threat actor with suspected links to Beijing, China, that has been active in the cyber-espionage landscape. A threat actor refers to any human entity behind the execution of actions with malicious intent, which can range from an individual hacker to a private company or even part of a g
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2022-22948 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Chinese attackers exploiting unpatched VMware ESXi instances
CERT-EU
a year ago
Bulletin d’actualité CERTFR-2023-ACT-028 – CERT-FR