ID

VAR-202211-0717


CVE

CVE-2022-20938


TITLE

XML external entity vulnerability in Cisco Systems Cisco Firepower Management Center Software

Trust: 0.8

sources: JVNDB: JVNDB-2022-022934

DESCRIPTION

A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed.

Trust: 1.71

sources: NVD: CVE-2022-20938 // JVNDB: JVNDB-2022-022934 // VULHUB: VHN-405491

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.7

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.17

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.5.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.8

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.9

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.13

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.9

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.6

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.5.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.10

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.3.0.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.3.0.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.6.5.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.6.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.3.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.6.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.6.5.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.7

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.11

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.7.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.14

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.11

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.6.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.6.5

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.12

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0.7

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.5.0.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.0.2.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.3.0.5

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.0.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0.6

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.3.0.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.5

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.5.0.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.7.0.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.13

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.5

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0.6

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.15

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.14

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.10

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.7.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.16

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.0.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.1.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.5.0.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.5.0.5

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.0.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.0.1.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.8

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.3.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.6.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.6

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0.5

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0.5

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.15

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.1.0.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.0.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.1.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.6.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2.5

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0.12

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.7.0.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:7.0.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.18

Trust: 1.0

vendor: Cisco Systems // model: cisco firepower management center software // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.6

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.7

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.2

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.6

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.3

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.2

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.5

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.4

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.2.3

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.2.2

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.3

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: -

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.4

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.2.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.2

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.5

Trust: 0.8

sources: JVNDB: JVNDB-2022-022934 // NVD: CVE-2022-20938

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-20938
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20938
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20938
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-2496
value: MEDIUM

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2022-20938
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2022-20938
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022934 // CNNVD: CNNVD-202211-2496 // NVD: CVE-2022-20938 // NVD: CVE-2022-20938

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.1

problemtype: Improper restriction of XML external entity references (CWE-611) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405491 // JVNDB: JVNDB-2022-022934 // NVD: CVE-2022-20938

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2496

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202211-2496

PATCH

title: cisco-sa-fmc-xxe-MzPC4bYd // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd

Trust: 0.8

title: Cisco Firepower Management Center Fixes for code issue vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=213592

Trust: 0.6

sources: JVNDB: JVNDB-2022-022934 // CNNVD: CNNVD-202211-2496

EXTERNAL IDS

db: NVD // id: CVE-2022-20938

Trust: 3.3

db: JVNDB // id: JVNDB-2022-022934

Trust: 0.8

db: CNNVD // id: CNNVD-202211-2496

Trust: 0.6

db: VULHUB // id: VHN-405491

Trust: 0.1

sources: VULHUB: VHN-405491 // JVNDB: JVNDB-2022-022934 // CNNVD: CNNVD-202211-2496 // NVD: CVE-2022-20938

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2022-20938

Trust: 1.4

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-xxe-mzpc4byd

Trust: 1.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-xxe-mzpc4byd

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2022-20938/

Trust: 0.6

sources: VULHUB: VHN-405491 // JVNDB: JVNDB-2022-022934 // CNNVD: CNNVD-202211-2496 // NVD: CVE-2022-20938

SOURCES

db: VULHUB // id: VHN-405491
db: JVNDB // id: JVNDB-2022-022934
db: CNNVD // id: CNNVD-202211-2496
db: NVD // id: CVE-2022-20938

LAST UPDATE DATE

2024-08-14T15:11:12.691000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-405491 // date: 2022-11-21T00:00:00
db: JVNDB // id: JVNDB-2022-022934 // date: 2023-11-21T07:50:00
db: CNNVD // id: CNNVD-202211-2496 // date: 2022-11-22T00:00:00
db: NVD // id: CVE-2022-20938 // date: 2024-01-25T17:15:20.443

SOURCES RELEASE DATE

db: VULHUB // id: VHN-405491 // date: 2022-11-15T00:00:00
db: JVNDB // id: JVNDB-2022-022934 // date: 2023-11-21T00:00:00
db: CNNVD // id: CNNVD-202211-2496 // date: 2022-11-09T00:00:00
db: NVD // id: CVE-2022-20938 // date: 2022-11-15T21:15:34.430