ID

VAR-202204-1835


CVE

CVE-2022-20767


TITLE

Cisco Firepower Threat Defense  Software vulnerabilities related to resource allocation without restrictions or throttling

Trust: 0.8

sources: JVNDB: JVNDB-2022-010229

DESCRIPTION

A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FTD-snort3-DOS-Aq38LVdM This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Trust: 1.8

sources: NVD: CVE-2022-20767 // JVNDB: JVNDB-2022-010229 // VULHUB: VHN-405320 // VULMON: CVE-2022-20767

AFFECTED PRODUCTS

vendor:ciscomodel:firepower threat defensescope:eqversion:7.1.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:7.0.2

Trust: 1.0

vendor:シスコシステムズmodel:cisco firepower threat defense ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower threat defense ソフトウェアscope:eqversion:cisco firepower threat defense software

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower threat defense ソフトウェアscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010229 // NVD: CVE-2022-20767

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20767
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20767
value: HIGH

Trust: 1.0

NVD: CVE-2022-20767
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-4511
value: HIGH

Trust: 0.6

VULHUB: VHN-405320
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20767
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-405320
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20767
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20767
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20767
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405320 // JVNDB: JVNDB-2022-010229 // CNNVD: CNNVD-202204-4511 // NVD: CVE-2022-20767 // NVD: CVE-2022-20767

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.1

problemtype:CWE-399

Trust: 1.0

problemtype:Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405320 // JVNDB: JVNDB-2022-010229 // NVD: CVE-2022-20767

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4511

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202204-4511

PATCH

title:cisco-sa-FTD-snort3-DOS-Aq38LVdMurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FTD-snort3-DOS-Aq38LVdM

Trust: 0.8

title:Cisco Firepower Threat Defense Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191575

Trust: 0.6

title:Cisco: Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-FTD-snort3-DOS-Aq38LVdM

Trust: 0.1

sources: VULMON: CVE-2022-20767 // JVNDB: JVNDB-2022-010229 // CNNVD: CNNVD-202204-4511

EXTERNAL IDS

db:NVDid:CVE-2022-20767

Trust: 3.4

db:JVNDBid:JVNDB-2022-010229

Trust: 0.8

db:AUSCERTid:ESB-2022.1916

Trust: 0.6

db:CS-HELPid:SB2022042814

Trust: 0.6

db:CNNVDid:CNNVD-202204-4511

Trust: 0.6

db:CNVDid:CNVD-2022-43404

Trust: 0.1

db:VULHUBid:VHN-405320

Trust: 0.1

db:VULMONid:CVE-2022-20767

Trust: 0.1

sources: VULHUB: VHN-405320 // VULMON: CVE-2022-20767 // JVNDB: JVNDB-2022-010229 // CNNVD: CNNVD-202204-4511 // NVD: CVE-2022-20767

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-snort3-dos-aq38lvdm

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-20767

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022042814

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1916

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20767/

Trust: 0.6

sources: VULHUB: VHN-405320 // VULMON: CVE-2022-20767 // JVNDB: JVNDB-2022-010229 // CNNVD: CNNVD-202204-4511 // NVD: CVE-2022-20767

SOURCES

db:VULHUBid:VHN-405320
db:VULMONid:CVE-2022-20767
db:JVNDBid:JVNDB-2022-010229
db:CNNVDid:CNNVD-202204-4511
db:NVDid:CVE-2022-20767

LAST UPDATE DATE

2024-08-14T13:53:23.881000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405320date:2022-05-11T00:00:00
db:JVNDBid:JVNDB-2022-010229date:2023-08-14T01:54:00
db:CNNVDid:CNNVD-202204-4511date:2022-05-12T00:00:00
db:NVDid:CVE-2022-20767date:2023-11-07T03:42:53.413

SOURCES RELEASE DATE

db:VULHUBid:VHN-405320date:2022-05-03T00:00:00
db:JVNDBid:JVNDB-2022-010229date:2023-08-14T00:00:00
db:CNNVDid:CNNVD-202204-4511date:2022-04-27T00:00:00
db:NVDid:CVE-2022-20767date:2022-05-03T04:15:09.963