Sign-up

ID

VAR-202204-1956


CVE

CVE-2022-20744


TITLE

Cisco Firepower Management Center  Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-010237

DESCRIPTION

A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization. Cisco Firepower Management Center (FMC) There are unspecified vulnerabilities in the software.Information may be obtained. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infdisc-guJWRwQu This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Trust: 1.8

sources: NVD: CVE-2022-20744 // JVNDB: JVNDB-2022-010237 // VULHUB: VHN-405297 // VULMON: CVE-2022-20744

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:ltversion:7.1.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco firepower management centerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower management centerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010237 // NVD: CVE-2022-20744

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-20744
value: MEDIUM

Trust: 1.8

ykramarz@cisco.com: CVE-2022-20744
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202204-4484
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405297
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-20744
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-405297
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com:
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2022-20744
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405297 // JVNDB: JVNDB-2022-010237 // NVD: CVE-2022-20744 // NVD: CVE-2022-20744 // CNNVD: CNNVD-202204-4484

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-405297 // JVNDB: JVNDB-2022-010237 // NVD: CVE-2022-20744

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4484

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-4484

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-20744

PATCH
title:cisco-sa-fmc-infdisc-guJWRwQuurl:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-infdisc-gujwrwqu
Trust: 0.8
title:Cisco Firepower Management Center Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=247262
Trust: 0.6
title:Cisco: Cisco Firepower Management Center Software Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-fmc-infdisc-gujwrwqu
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-20744 // 
            
            
            
            JVNDB: JVNDB-2022-010237 // 
            
            
            
            CNNVD: CNNVD-202204-4484

EXTERNAL IDS
db:NVDid:CVE-2022-20744
Trust: 3.4
db:JVNDBid:JVNDB-2022-010237
Trust: 0.8
db:AUSCERTid:ESB-2022.1915
Trust: 0.6
db:CS-HELPid:SB2022042808
Trust: 0.6
db:CNNVDid:CNNVD-202204-4484
Trust: 0.6
db:CNVDid:CNVD-2022-43400
Trust: 0.1
db:VULHUBid:VHN-405297
Trust: 0.1
db:VULMONid:CVE-2022-20744
Trust: 0.1
sources:
            
            
            VULHUB: VHN-405297 // 
            
            
            
            VULMON: CVE-2022-20744 // 
            
            
            
            JVNDB: JVNDB-2022-010237 // 
            
            
            
            NVD: CVE-2022-20744 // 
            
            
            
            CNNVD: CNNVD-202204-4484

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-infdisc-gujwrwqu
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2022-20744
Trust: 0.8
url:https://www.cybersecurity-help.cz/vdb/sb2022042808
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.1915
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-20744/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-405297 // 
            
            
            
            VULMON: CVE-2022-20744 // 
            
            
            
            JVNDB: JVNDB-2022-010237 // 
            
            
            
            NVD: CVE-2022-20744 // 
            
            
            
            CNNVD: CNNVD-202204-4484

SOURCES
db:VULHUBid:VHN-405297
db:VULMONid:CVE-2022-20744
db:JVNDBid:JVNDB-2022-010237
db:NVDid:CVE-2022-20744
db:CNNVDid:CNNVD-202204-4484

LAST UPDATE DATE
2023-12-18T12:34:30.398000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-405297date:2022-05-09T00:00:00
db:JVNDBid:JVNDB-2022-010237date:2023-08-14T05:25:00
db:NVDid:CVE-2022-20744date:2023-07-24T13:34:52.837
db:CNNVDid:CNNVD-202204-4484date:2023-07-25T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-405297date:2022-05-03T00:00:00
db:JVNDBid:JVNDB-2022-010237date:2023-08-14T00:00:00
db:NVDid:CVE-2022-20744date:2022-05-03T04:15:09.437
db:CNNVDid:CNNVD-202204-4484date:2022-04-27T00:00:00