ID

VAR-202204-1975


CVE

CVE-2022-20745


TITLE

Cisco Adaptive Security Appliance Software  and  Cisco Firepower Threat Defense Software  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011001

DESCRIPTION

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Trust: 1.8

sources: NVD: CVE-2022-20745 // JVNDB: JVNDB-2022-011001 // VULHUB: VHN-405298 // VULMON: CVE-2022-20745

AFFECTED PRODUCTS

vendor:ciscomodel:firepower threat defensescope:gteversion:7.0.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.15.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.5.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.16.2.14

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.16.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:7.0.2

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.15

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.13.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:eqversion:7.1.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.17.1.7

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.17.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.14.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.15.1.21

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.6.5.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.12.4.38

Trust: 1.0

vendor:シスコシステムズmodel:cisco adaptive security appliance ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower threat defense ソフトウェアscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011001 // NVD: CVE-2022-20745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20745
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20745
value: HIGH

Trust: 1.0

NVD: CVE-2022-20745
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-4508
value: HIGH

Trust: 0.6

VULHUB: VHN-405298
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20745
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-405298
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20745
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20745
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20745
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405298 // JVNDB: JVNDB-2022-011001 // CNNVD: CNNVD-202204-4508 // NVD: CVE-2022-20745 // NVD: CVE-2022-20745

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405298 // JVNDB: JVNDB-2022-011001 // NVD: CVE-2022-20745

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4508

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-4508

PATCH

title:cisco-sa-asafdt-webvpn-dos-tzPSYernurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern

Trust: 0.8

title:Multiple Cisco Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191574

Trust: 0.6

title:Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asafdt-webvpn-dos-tzPSYern

Trust: 0.1

sources: VULMON: CVE-2022-20745 // JVNDB: JVNDB-2022-011001 // CNNVD: CNNVD-202204-4508

EXTERNAL IDS

db:NVDid:CVE-2022-20745

Trust: 3.4

db:JVNDBid:JVNDB-2022-011001

Trust: 0.8

db:AUSCERTid:ESB-2022.1912

Trust: 0.6

db:CS-HELPid:SB2022042739

Trust: 0.6

db:CNNVDid:CNNVD-202204-4508

Trust: 0.6

db:VULHUBid:VHN-405298

Trust: 0.1

db:VULMONid:CVE-2022-20745

Trust: 0.1

sources: VULHUB: VHN-405298 // VULMON: CVE-2022-20745 // JVNDB: JVNDB-2022-011001 // CNNVD: CNNVD-202204-4508 // NVD: CVE-2022-20745

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asafdt-webvpn-dos-tzpsyern

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-20745

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022042739

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-https-requests-38168

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1912

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20745/

Trust: 0.6

sources: VULHUB: VHN-405298 // VULMON: CVE-2022-20745 // JVNDB: JVNDB-2022-011001 // CNNVD: CNNVD-202204-4508 // NVD: CVE-2022-20745

SOURCES

db:VULHUBid:VHN-405298
db:VULMONid:CVE-2022-20745
db:JVNDBid:JVNDB-2022-011001
db:CNNVDid:CNNVD-202204-4508
db:NVDid:CVE-2022-20745

LAST UPDATE DATE

2024-08-14T13:22:23.104000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405298date:2022-05-13T00:00:00
db:JVNDBid:JVNDB-2022-011001date:2023-08-18T05:54:00
db:CNNVDid:CNNVD-202204-4508date:2022-05-16T00:00:00
db:NVDid:CVE-2022-20745date:2023-11-07T03:42:49.320

SOURCES RELEASE DATE

db:VULHUBid:VHN-405298date:2022-05-03T00:00:00
db:JVNDBid:JVNDB-2022-011001date:2023-08-18T00:00:00
db:CNNVDid:CNNVD-202204-4508date:2022-04-27T00:00:00
db:NVDid:CVE-2022-20745date:2022-05-03T04:15:09.500