Details of VAR-202211-0831

ID

VAR-202211-0831

CVE

CVE-2022-20941

TITLE

Cisco Systems Cisco Firepower Management Center Software Vulnerability regarding lack of entropy in

Trust: 0.8

sources: JVNDB: JVNDB-2022-022927

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device

Trust: 1.71

sources: NVD: CVE-2022-20941 // JVNDB: JVNDB-2022-022927 // VULHUB: VHN-405494

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.7	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.17	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.5.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.8	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.9	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.13	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.9	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.6	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.7	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.10	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.4	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.3.0.4	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.3.0.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.4	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.5.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.4	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.5.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.7	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.11	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.7.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.14	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.11	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.5	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.12	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.7	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.5.0.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.0.2.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.3.0.5	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.0.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.6	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.3.0.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.4	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.5	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.2.4	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.5.0.4	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.7.0.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.4	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.13	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.5	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.6	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.15	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.14	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.10	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.16	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.0.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.1.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.5.0.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.5.0.5	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.0.4	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.0.1.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.8	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.3.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.6	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.5	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.5	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.2.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.15	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.1.0.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.2.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.2.5	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0.12	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.7.0.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.2.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3.18	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.0.6	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.1.0.7	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.2	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.1.0.6	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.0.3	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.1.0.2	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.1.0.5	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.1.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.1.0.4	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.2.3	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.0.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.2.2	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.1.0.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.1.0.3	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.0.4	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.2.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.0.2	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center software	scope:	eq	version:	6.2.0.5	Trust: 0.8

sources: JVNDB: JVNDB-2022-022927 // NVD: CVE-2022-20941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20941
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20941
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20941
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202211-2488
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-20941
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20941
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-022927 // CNNVD: CNNVD-202211-2488 // NVD: CVE-2022-20941 // NVD: CVE-2022-20941

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.0
problemtype:	CWE-331	Trust: 1.0
problemtype:	CWE-334	Trust: 1.0
problemtype:	Lack of entropy (CWE-331) [NVD evaluation ]	Trust: 0.8
problemtype:	Lack of authentication (CWE-862) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-330	Trust: 0.1

sources: VULHUB: VHN-405494 // JVNDB: JVNDB-2022-022927 // NVD: CVE-2022-20941

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2488

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202211-2488

PATCH

title:	cisco-sa-fmc-info-disc-UghNRRhP	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-info-disc-UghNRRhP	Trust: 0.8
title:	Cisco Firepower Management Center Fixing measures for security feature vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=215056	Trust: 0.6

sources: JVNDB: JVNDB-2022-022927 // CNNVD: CNNVD-202211-2488

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20941	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-022927	Trust: 0.8
db:	CNNVD	id:	CNNVD-202211-2488	Trust: 0.6
db:	VULHUB	id:	VHN-405494	Trust: 0.1

sources: VULHUB: VHN-405494 // JVNDB: JVNDB-2022-022927 // CNNVD: CNNVD-202211-2488 // NVD: CVE-2022-20941

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2022-20941	Trust: 1.4
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-info-disc-ughnrrhp	Trust: 1.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-info-disc-ughnrrhp	Trust: 0.7
url:	https://cxsecurity.com/cveshow/cve-2022-20941/	Trust: 0.6

sources: VULHUB: VHN-405494 // JVNDB: JVNDB-2022-022927 // CNNVD: CNNVD-202211-2488 // NVD: CVE-2022-20941

SOURCES

db:	VULHUB	id:	VHN-405494
db:	JVNDB	id:	JVNDB-2022-022927
db:	CNNVD	id:	CNNVD-202211-2488
db:	NVD	id:	CVE-2022-20941

LAST UPDATE DATE

2024-08-14T15:37:19.100000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405494	date:	2022-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2022-022927	date:	2023-11-21T07:30:00
db:	CNNVD	id:	CNNVD-202211-2488	date:	2022-11-22T00:00:00
db:	NVD	id:	CVE-2022-20941	date:	2024-01-25T17:15:20.713

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405494	date:	2022-11-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-022927	date:	2023-11-21T00:00:00
db:	CNNVD	id:	CNNVD-202211-2488	date:	2022-11-09T00:00:00
db:	NVD	id:	CVE-2022-20941	date:	2022-11-15T21:15:34.877