ID

VAR-202211-0552


CVE

CVE-2022-20949


TITLE

Cisco Systems Cisco Firepower Threat Defense Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-022979

DESCRIPTION

A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software. Cisco Systems Cisco Firepower Threat Defense Software contains unspecified vulnerabilities. Information may be tampered with. No detailed vulnerability details were provided at this time.

Trust: 1.71

sources: NVD: CVE-2022-20949 // JVNDB: JVNDB-2022-022979 // VULHUB: VHN-405502

AFFECTED PRODUCTS

vendor: cisco // model: firepower threat defense // scope: lte // version: 6.6.5.2

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.2.3

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.2.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.1.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 7.0.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: eq // version: 7.2.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: eq // version: 7.1.0.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.2.2

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.4.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: eq // version: 7.1.0.2

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lte // version: 6.7.0.3

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lte // version: 6.2.2.5

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.6.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.5.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lte // version: 6.4.0.15

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lte // version: 6.2.3.18

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.7.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: eq // version: 7.2.0.1

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lte // version: 6.1.0.7

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: eq // version: 7.1.0.1

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lte // version: 6.5.0.5

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lte // version: 7.0.3

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lte // version: 6.3.0.5

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: eq // version: 6.2.1

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.3.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lte // version: 6.2.0.6

Trust: 1.0

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 7.1.0.0

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 7.1.0.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 7.1.0.2

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 6.2.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: -

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 6.5.0 to 6.5.0.5

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 6.2.0 to 6.2.0.6

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 6.3.0 to 6.3.0.5

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 6.4.0 to 6.4.0.15

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 7.0.0 to 7.0.3

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 7.2.0

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 6.2.3 to 6.2.3.18

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 6.2.2 to 6.2.2.5

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 6.7.0 to 6.7.0.3

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 6.6.0 to 6.6.5.2

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 7.2.0.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower threat defense software // scope: eq // version: cisco firepower threat defense software 6.1.0 to 6.1.0.7

Trust: 0.8

sources: JVNDB: JVNDB-2022-022979 // NVD: CVE-2022-20949

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20949
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20949
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20949
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-2497
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-20949
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20949
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-20949
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022979 // CNNVD: CNNVD-202211-2497 // NVD: CVE-2022-20949 // NVD: CVE-2022-20949

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022979 // NVD: CVE-2022-20949

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2497

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2497

PATCH

title: cisco-sa-ftd-mgmt-privesc-7GqR2th // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-privesc-7GqR2th

Trust: 0.8

title: Cisco Firepower Threat Defense Security vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=215184

Trust: 0.6

sources: JVNDB: JVNDB-2022-022979 // CNNVD: CNNVD-202211-2497

EXTERNAL IDS

db: NVD // id: CVE-2022-20949

Trust: 3.3

db: JVNDB // id: JVNDB-2022-022979

Trust: 0.8

db: CNNVD // id: CNNVD-202211-2497

Trust: 0.6

db: CNVD // id: CNVD-2022-78144

Trust: 0.1

db: VULHUB // id: VHN-405502

Trust: 0.1

sources: VULHUB: VHN-405502 // JVNDB: JVNDB-2022-022979 // CNNVD: CNNVD-202211-2497 // NVD: CVE-2022-20949

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2022-20949

Trust: 1.4

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-mgmt-privesc-7gqr2th

Trust: 1.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-mgmt-privesc-7gqr2th

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2022-20949/

Trust: 0.6

sources: VULHUB: VHN-405502 // JVNDB: JVNDB-2022-022979 // CNNVD: CNNVD-202211-2497 // NVD: CVE-2022-20949

SOURCES

db: VULHUB // id: VHN-405502
db: JVNDB // id: JVNDB-2022-022979
db: CNNVD // id: CNNVD-202211-2497
db: NVD // id: CVE-2022-20949

LAST UPDATE DATE

2024-08-14T14:30:55.606000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-405502 // date: 2022-11-22T00:00:00
db: JVNDB // id: JVNDB-2022-022979 // date: 2023-11-24T01:53:00
db: CNNVD // id: CNNVD-202211-2497 // date: 2022-11-23T00:00:00
db: NVD // id: CVE-2022-20949 // date: 2024-01-25T17:15:21.460

SOURCES RELEASE DATE

db: VULHUB // id: VHN-405502 // date: 2022-11-15T00:00:00
db: JVNDB // id: JVNDB-2022-022979 // date: 2023-11-24T00:00:00
db: CNNVD // id: CNNVD-202211-2497 // date: 2022-11-09T00:00:00
db: NVD // id: CVE-2022-20949 // date: 2022-11-15T21:15:35.833