Details of VAR-202204-1835

ID

VAR-202204-1835

CVE

CVE-2022-20767

TITLE

Cisco Firepower Threat Defense Software vulnerabilities related to resource allocation without restrictions or throttling

Trust: 0.8

sources: JVNDB: JVNDB-2022-010229

DESCRIPTION

A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FTD-snort3-DOS-Aq38LVdM This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Trust: 1.8

sources: NVD: CVE-2022-20767 // JVNDB: JVNDB-2022-010229 // VULHUB: VHN-405320 // VULMON: CVE-2022-20767

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	7.0.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco firepower threat defense ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower threat defense ソフトウェア	scope:	eq	version:	cisco firepower threat defense software	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower threat defense ソフトウェア	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-010229 // NVD: CVE-2022-20767

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-20767
value:	HIGH
Trust: 1.8
ykramarz@cisco.com:	CVE-2022-20767
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202204-4511
value:	HIGH
Trust: 0.6
VULHUB:	VHN-405320
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2022-20767
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-405320
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20767
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405320 // JVNDB: JVNDB-2022-010229 // NVD: CVE-2022-20767 // NVD: CVE-2022-20767 // CNNVD: CNNVD-202204-4511

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.1
problemtype:	Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405320 // JVNDB: JVNDB-2022-010229 // NVD: CVE-2022-20767

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4511

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202204-4511

CONFIGURATIONS

sources: NVD: CVE-2022-20767

PATCH

title:	cisco-sa-FTD-snort3-DOS-Aq38LVdM	url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-snort3-dos-aq38lvdm	Trust: 0.8
title:	Cisco Firepower Threat Defense Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191575	Trust: 0.6
title:	Cisco: Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ftd-snort3-dos-aq38lvdm	Trust: 0.1

sources: VULMON: CVE-2022-20767 // JVNDB: JVNDB-2022-010229 // CNNVD: CNNVD-202204-4511

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20767	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-010229	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.1916	Trust: 0.6
db:	CS-HELP	id:	SB2022042814	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-4511	Trust: 0.6
db:	CNVD	id:	CNVD-2022-43404	Trust: 0.1
db:	VULHUB	id:	VHN-405320	Trust: 0.1
db:	VULMON	id:	CVE-2022-20767	Trust: 0.1

sources: VULHUB: VHN-405320 // VULMON: CVE-2022-20767 // JVNDB: JVNDB-2022-010229 // NVD: CVE-2022-20767 // CNNVD: CNNVD-202204-4511

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-snort3-dos-aq38lvdm	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20767	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022042814	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1916	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20767/	Trust: 0.6

sources: VULHUB: VHN-405320 // VULMON: CVE-2022-20767 // JVNDB: JVNDB-2022-010229 // NVD: CVE-2022-20767 // CNNVD: CNNVD-202204-4511

SOURCES

db:	VULHUB	id:	VHN-405320
db:	VULMON	id:	CVE-2022-20767
db:	JVNDB	id:	JVNDB-2022-010229
db:	NVD	id:	CVE-2022-20767
db:	CNNVD	id:	CNNVD-202204-4511

LAST UPDATE DATE

2023-12-18T13:59:43.942000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405320	date:	2022-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-010229	date:	2023-08-14T01:54:00
db:	NVD	id:	CVE-2022-20767	date:	2023-11-07T03:42:53.413
db:	CNNVD	id:	CNNVD-202204-4511	date:	2022-05-12T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405320	date:	2022-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-010229	date:	2023-08-14T00:00:00
db:	NVD	id:	CVE-2022-20767	date:	2022-05-03T04:15:09.963
db:	CNNVD	id:	CNNVD-202204-4511	date:	2022-04-27T00:00:00