TT 脆弱性 Blog

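A log of "personal" investigation and research on vulnerability information

Important vulnerabilities in Cisco products; update advised

【Overview】

■ Vulnerability information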

| Date | CVE ID | NVD | Vendor | CVSS v3 | CWE | Vulnerability | Remarks |
|---|---|---|---|---|---|---|---|
| 2022/08/10 | CVE-2022-20715 | NVD | Vendor | 7.5 (NVD) / 8.6 (Cisco) | CWE-20, CWE-399 | Improper Input Validation; Resource Management Errors | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability |
| 2022/08/10 | CVE-2022-20866 | NVD | Vendor | 7.5 (NVD) / 7.4 (Cisco) | CWE-203 | Observable Discrepancy | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability |
| 2022/08/10 | CVE-2022-20829 | NVD | Vendor | 7.2 (NVD) / 9.1 (Cisco) | CWE-345 | Insufficient Verification of Data Authenticity | Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability |
| 2022/08/10 | CVE-2022-20713 | NVD | Vendor | 6.1 (NVD) / 4.3 (Cisco) | CWE-444 | HTTP Request Smuggling | Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling Vulnerability |
| 2022/08/10 | CVE-2021-1585 | NVD | Vendor | 8.1 (NVD) / 7.5 (Cisco) | CWE-94 | Code Injection | Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability |


■ Exploit code information

| Date | CVE ID | NVD | URL |
|---|---|---|---|
| 2022/08/10 | CVE-2022-20829 | NVD | https://github.com/jbaines-r7/theway |
| 2022/08/10 | CVE-2022-20829 | NVD | https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/ |
| 2022/08/16 | CVE-2021-1585 | NVD | https://github.com/jbaines-r7/staystaystay |
| 2022/09/19 | CVE-2021-1585 | NVD | https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/ |
| 2022/02/11 | CVE-2021-1585 | NVD | https://attackerkb.com/topics/0vIso8fLhQ/cve-2021-1585/rapid7-analysis |


【News】

◆Important vulnerabilities in Cisco products; update advised (Mynavi News, 2022/08/12 14:37)
https://news.mynavi.jp/techplus/article/20220812-2423675/


【Related information】

◆Cisco Releases Security Update for Multiple Products (CISA, 2022/08/11)
[Cisco releases security updates for multiple products]
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/11/cisco-releases-security-update-multiple-products
https://vul.hatenadiary.com/entry/2022/08/11/000000


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 2006 - 2022