ID

VAR-202204-1956


CVE

CVE-2022-20744


TITLE

Cisco Firepower Management Center  Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-010237

DESCRIPTION

A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization. Cisco Firepower Management Center (FMC) There are unspecified vulnerabilities in the software.Information may be obtained. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infdisc-guJWRwQu This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Trust: 1.8

sources: NVD: CVE-2022-20744 // JVNDB: JVNDB-2022-010237 // VULHUB: VHN-405297 // VULMON: CVE-2022-20744

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:ltversion:7.1.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco firepower management centerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower management centerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010237 // NVD: CVE-2022-20744

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20744
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20744
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20744
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-4484
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405297
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20744
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-405297
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20744
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20744
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2022-20744
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405297 // JVNDB: JVNDB-2022-010237 // CNNVD: CNNVD-202204-4484 // NVD: CVE-2022-20744 // NVD: CVE-2022-20744

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-807

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-405297 // JVNDB: JVNDB-2022-010237 // NVD: CVE-2022-20744

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4484

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-4484

PATCH

title:cisco-sa-fmc-infdisc-guJWRwQuurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infdisc-guJWRwQu

Trust: 0.8

title:Cisco Firepower Management Center Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=247262

Trust: 0.6

title:Cisco: Cisco Firepower Management Center Software Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-fmc-infdisc-guJWRwQu

Trust: 0.1

sources: VULMON: CVE-2022-20744 // JVNDB: JVNDB-2022-010237 // CNNVD: CNNVD-202204-4484

EXTERNAL IDS

db:NVDid:CVE-2022-20744

Trust: 3.4

db:JVNDBid:JVNDB-2022-010237

Trust: 0.8

db:AUSCERTid:ESB-2022.1915

Trust: 0.6

db:CS-HELPid:SB2022042808

Trust: 0.6

db:CNNVDid:CNNVD-202204-4484

Trust: 0.6

db:CNVDid:CNVD-2022-43400

Trust: 0.1

db:VULHUBid:VHN-405297

Trust: 0.1

db:VULMONid:CVE-2022-20744

Trust: 0.1

sources: VULHUB: VHN-405297 // VULMON: CVE-2022-20744 // JVNDB: JVNDB-2022-010237 // CNNVD: CNNVD-202204-4484 // NVD: CVE-2022-20744

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-infdisc-gujwrwqu

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-20744

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022042808

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1915

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20744/

Trust: 0.6

sources: VULHUB: VHN-405297 // VULMON: CVE-2022-20744 // JVNDB: JVNDB-2022-010237 // CNNVD: CNNVD-202204-4484 // NVD: CVE-2022-20744

SOURCES

db:VULHUBid:VHN-405297
db:VULMONid:CVE-2022-20744
db:JVNDBid:JVNDB-2022-010237
db:CNNVDid:CNNVD-202204-4484
db:NVDid:CVE-2022-20744

LAST UPDATE DATE

2024-08-14T15:01:03.732000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405297date:2022-05-09T00:00:00
db:JVNDBid:JVNDB-2022-010237date:2023-08-14T05:25:00
db:CNNVDid:CNNVD-202204-4484date:2023-07-25T00:00:00
db:NVDid:CVE-2022-20744date:2023-07-24T13:34:52.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-405297date:2022-05-03T00:00:00
db:JVNDBid:JVNDB-2022-010237date:2023-08-14T00:00:00
db:CNNVDid:CNNVD-202204-4484date:2022-04-27T00:00:00
db:NVDid:CVE-2022-20744date:2022-05-03T04:15:09.437