ID

VAR-202204-1906


CVE

CVE-2022-20715


TITLE

Cisco Adaptive Security Appliance Software  and  Cisco Firepower Threat Defense Software  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011004

DESCRIPTION

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition. The platform provides features such as highly secure access to data and network resources. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Trust: 1.8

sources: NVD: CVE-2022-20715 // JVNDB: JVNDB-2022-011004 // VULHUB: VHN-405268 // VULMON: CVE-2022-20715

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.13

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.5.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.16.2.14

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.16.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:7.0.2

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.15

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.17.1.7

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:eqversion:7.1.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.17.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.14.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.15.1.21

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.6.5.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.12.4.38

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.15

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.7.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.8.4.44

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.9

Trust: 1.0

vendor:シスコシステムズmodel:cisco adaptive security appliance ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower threat defense ソフトウェアscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011004 // NVD: CVE-2022-20715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20715
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20715
value: HIGH

Trust: 1.0

NVD: CVE-2022-20715
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-4497
value: HIGH

Trust: 0.6

VULHUB: VHN-405268
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20715
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-405268
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20715
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 2.0

NVD: CVE-2022-20715
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405268 // JVNDB: JVNDB-2022-011004 // CNNVD: CNNVD-202204-4497 // NVD: CVE-2022-20715 // NVD: CVE-2022-20715

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-399

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405268 // JVNDB: JVNDB-2022-011004 // NVD: CVE-2022-20715

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4497

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-4497

PATCH

title:cisco-sa-asa-dos-tL4uA4AAurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA

Trust: 0.8

title:Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192814

Trust: 0.6

title:Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asa-dos-tL4uA4AA

Trust: 0.1

sources: VULMON: CVE-2022-20715 // JVNDB: JVNDB-2022-011004 // CNNVD: CNNVD-202204-4497

EXTERNAL IDS

db:NVDid:CVE-2022-20715

Trust: 3.4

db:JVNDBid:JVNDB-2022-011004

Trust: 0.8

db:AUSCERTid:ESB-2022.1911

Trust: 0.6

db:CS-HELPid:SB2022042738

Trust: 0.6

db:CNNVDid:CNNVD-202204-4497

Trust: 0.6

db:CNVDid:CNVD-2022-44686

Trust: 0.1

db:VULHUBid:VHN-405268

Trust: 0.1

db:VULMONid:CVE-2022-20715

Trust: 0.1

sources: VULHUB: VHN-405268 // VULMON: CVE-2022-20715 // JVNDB: JVNDB-2022-011004 // CNNVD: CNNVD-202204-4497 // NVD: CVE-2022-20715

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-dos-tl4ua4aa

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-20715

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-remote-access-ssl-vpn-logged-errors-38170

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042738

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20715/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1911

Trust: 0.6

sources: VULHUB: VHN-405268 // VULMON: CVE-2022-20715 // JVNDB: JVNDB-2022-011004 // CNNVD: CNNVD-202204-4497 // NVD: CVE-2022-20715

SOURCES

db:VULHUBid:VHN-405268
db:VULMONid:CVE-2022-20715
db:JVNDBid:JVNDB-2022-011004
db:CNNVDid:CNNVD-202204-4497
db:NVDid:CVE-2022-20715

LAST UPDATE DATE

2024-08-14T14:10:51.041000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405268date:2022-05-13T00:00:00
db:JVNDBid:JVNDB-2022-011004date:2023-08-18T06:02:00
db:CNNVDid:CNNVD-202204-4497date:2022-05-16T00:00:00
db:NVDid:CVE-2022-20715date:2023-11-15T15:36:59.673

SOURCES RELEASE DATE

db:VULHUBid:VHN-405268date:2022-05-03T00:00:00
db:JVNDBid:JVNDB-2022-011004date:2023-08-18T00:00:00
db:CNNVDid:CNNVD-202204-4497date:2022-04-27T00:00:00
db:NVDid:CVE-2022-20715date:2022-05-03T04:15:09