Sign-up

ID

VAR-202204-1975


CVE

CVE-2022-20745


TITLE

Cisco Adaptive Security Appliance Software  and  Cisco Firepower Threat Defense Software  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011001

DESCRIPTION

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Trust: 1.8

sources: NVD: CVE-2022-20745 // JVNDB: JVNDB-2022-011001 // VULHUB: VHN-405298 // VULMON: CVE-2022-20745

AFFECTED PRODUCTS

vendor:ciscomodel:firepower threat defensescope:ltversion:6.6.5.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.15.1.21

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.16.2.14

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:7.0.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.17.1.7

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.5.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.13.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.17.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.15.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.12.4.38

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.15

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.16.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.14.4

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:7.0.2

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:eqversion:7.1.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco adaptive security appliance ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower threat defense ソフトウェアscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011001 // NVD: CVE-2022-20745

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-20745
value: HIGH

Trust: 1.8

ykramarz@cisco.com: CVE-2022-20745
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202204-4508
value: HIGH

Trust: 0.6

VULHUB: VHN-405298
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-20745
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-405298
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com:
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20745
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405298 // JVNDB: JVNDB-2022-011001 // NVD: CVE-2022-20745 // NVD: CVE-2022-20745 // CNNVD: CNNVD-202204-4508

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405298 // JVNDB: JVNDB-2022-011001 // NVD: CVE-2022-20745

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4508

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-4508

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-20745

PATCH
title:cisco-sa-asafdt-webvpn-dos-tzPSYernurl:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asafdt-webvpn-dos-tzpsyern
Trust: 0.8
title:Multiple Cisco Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191574
Trust: 0.6
title:Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asafdt-webvpn-dos-tzpsyern
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-20745 // 
            
            
            
            JVNDB: JVNDB-2022-011001 // 
            
            
            
            CNNVD: CNNVD-202204-4508

EXTERNAL IDS
db:NVDid:CVE-2022-20745
Trust: 3.4
db:JVNDBid:JVNDB-2022-011001
Trust: 0.8
db:AUSCERTid:ESB-2022.1912
Trust: 0.6
db:CS-HELPid:SB2022042739
Trust: 0.6
db:CNNVDid:CNNVD-202204-4508
Trust: 0.6
db:VULHUBid:VHN-405298
Trust: 0.1
db:VULMONid:CVE-2022-20745
Trust: 0.1
sources:
            
            
            VULHUB: VHN-405298 // 
            
            
            
            VULMON: CVE-2022-20745 // 
            
            
            
            JVNDB: JVNDB-2022-011001 // 
            
            
            
            NVD: CVE-2022-20745 // 
            
            
            
            CNNVD: CNNVD-202204-4508

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asafdt-webvpn-dos-tzpsyern
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2022-20745
Trust: 0.8
url:https://www.cybersecurity-help.cz/vdb/sb2022042739
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-https-requests-38168
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.1912
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-20745/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-405298 // 
            
            
            
            VULMON: CVE-2022-20745 // 
            
            
            
            JVNDB: JVNDB-2022-011001 // 
            
            
            
            NVD: CVE-2022-20745 // 
            
            
            
            CNNVD: CNNVD-202204-4508

SOURCES
db:VULHUBid:VHN-405298
db:VULMONid:CVE-2022-20745
db:JVNDBid:JVNDB-2022-011001
db:NVDid:CVE-2022-20745
db:CNNVDid:CNNVD-202204-4508

LAST UPDATE DATE
2023-12-18T12:15:43.084000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-405298date:2022-05-13T00:00:00
db:JVNDBid:JVNDB-2022-011001date:2023-08-18T05:54:00
db:NVDid:CVE-2022-20745date:2023-11-07T03:42:49.320
db:CNNVDid:CNNVD-202204-4508date:2022-05-16T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-405298date:2022-05-03T00:00:00
db:JVNDBid:JVNDB-2022-011001date:2023-08-18T00:00:00
db:NVDid:CVE-2022-20745date:2022-05-03T04:15:09.500
db:CNNVDid:CNNVD-202204-4508date:2022-04-27T00:00:00