Details of VAR-202204-1906

ID

VAR-202204-1906

CVE

CVE-2022-20715

TITLE

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011004

DESCRIPTION

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition. The platform provides features such as highly secure access to data and network resources. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Trust: 1.8

sources: NVD: CVE-2022-20715 // JVNDB: JVNDB-2022-011004 // VULHUB: VHN-405268 // VULMON: CVE-2022-20715

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.44	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.6.5.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.15.1.21	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.16.2.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.17.1.7	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.17.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.4.38	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.16.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.14.4	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	7.0.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.15	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco adaptive security appliance ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower threat defense ソフトウェア	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011004 // NVD: CVE-2022-20715

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-20715
value:	HIGH
Trust: 1.8
ykramarz@cisco.com:	CVE-2022-20715
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202204-4497
value:	HIGH
Trust: 0.6
VULHUB:	VHN-405268
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2022-20715
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-405268
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20715
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405268 // JVNDB: JVNDB-2022-011004 // NVD: CVE-2022-20715 // NVD: CVE-2022-20715 // CNNVD: CNNVD-202204-4497

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405268 // JVNDB: JVNDB-2022-011004 // NVD: CVE-2022-20715

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4497

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-4497

CONFIGURATIONS

sources: NVD: CVE-2022-20715

PATCH

title:	cisco-sa-asa-dos-tL4uA4AA	url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-dos-tl4ua4aa	Trust: 0.8
title:	Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=192814	Trust: 0.6
title:	Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asa-dos-tl4ua4aa	Trust: 0.1

sources: VULMON: CVE-2022-20715 // JVNDB: JVNDB-2022-011004 // CNNVD: CNNVD-202204-4497

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20715	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-011004	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.1911	Trust: 0.6
db:	CS-HELP	id:	SB2022042738	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-4497	Trust: 0.6
db:	CNVD	id:	CNVD-2022-44686	Trust: 0.1
db:	VULHUB	id:	VHN-405268	Trust: 0.1
db:	VULMON	id:	CVE-2022-20715	Trust: 0.1

sources: VULHUB: VHN-405268 // VULMON: CVE-2022-20715 // JVNDB: JVNDB-2022-011004 // NVD: CVE-2022-20715 // CNNVD: CNNVD-202204-4497

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-dos-tl4ua4aa	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20715	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-remote-access-ssl-vpn-logged-errors-38170	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042738	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20715/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1911	Trust: 0.6

sources: VULHUB: VHN-405268 // VULMON: CVE-2022-20715 // JVNDB: JVNDB-2022-011004 // NVD: CVE-2022-20715 // CNNVD: CNNVD-202204-4497

SOURCES

db:	VULHUB	id:	VHN-405268
db:	VULMON	id:	CVE-2022-20715
db:	JVNDB	id:	JVNDB-2022-011004
db:	NVD	id:	CVE-2022-20715
db:	CNNVD	id:	CNNVD-202204-4497

LAST UPDATE DATE

2023-12-18T11:56:09.006000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405268	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-011004	date:	2023-08-18T06:02:00
db:	NVD	id:	CVE-2022-20715	date:	2023-11-15T15:36:59.673
db:	CNNVD	id:	CNNVD-202204-4497	date:	2022-05-16T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405268	date:	2022-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-011004	date:	2023-08-18T00:00:00
db:	NVD	id:	CVE-2022-20715	date:	2022-05-03T04:15:09
db:	CNNVD	id:	CNNVD-202204-4497	date:	2022-04-27T00:00:00