ID

VAR-202211-0831


CVE

CVE-2022-20941


TITLE

Cisco Systems Cisco Firepower Management Center Software Vulnerability regarding lack of entropy in

Trust: 0.8

sources: JVNDB: JVNDB-2022-022927

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device.

Trust: 1.71

sources: NVD: CVE-2022-20941 // JVNDB: JVNDB-2022-022927 // VULHUB: VHN-405494

AFFECTED PRODUCTS

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.7

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.17

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.1.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.5.0.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.8

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.9

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.13

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.9

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.6

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.5.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.6.7

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.10

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.4

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.3.0.4

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.3.0.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.4

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.6.5.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.6.4

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.3.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.6.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.6.5.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.7

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.11

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.0.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.7.0.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.14

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.11

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.6.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.6.5

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.12

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.1.0.7

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.5.0.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.0.2.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.3.0.5

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.0.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.0.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.0.6

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.3.0.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.1.0.4

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.5

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.2.4

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.5.0.4

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.7.0.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.0.4

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.13

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.5

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.1.0.6

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.15

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.14

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.10

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.0.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.7.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.16

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.0.0.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.1.0.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.5.0.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.5.0.5

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.1.0.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.0.4

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.0.1.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.8

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.3.0.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.1.0.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.6.0.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.6

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.0.5

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.1.0.5

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.2.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.15

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.1.0.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.1.0.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.0.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.0.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.1.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.6.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.2.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.2.5

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.4.0.12

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.7.0.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 7.0.2

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.2.1

Trust: 1.0

vendor: cisco // model: firepower management center // scope: eq // version: 6.2.3.18

Trust: 1.0

vendor: Cisco Systems // model: cisco firepower management center software // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.6

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.7

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.2

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.6

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.3

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.2

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.5

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.4

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.2.3

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.2.2

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.1.0.3

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: -

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.4

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.2.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.2

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.1

Trust: 0.8

vendor: Cisco Systems // model: cisco firepower management center software // scope: eq // version: 6.2.0.5

Trust: 0.8

sources: JVNDB: JVNDB-2022-022927 // NVD: CVE-2022-20941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20941
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20941
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20941
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-2488
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-20941
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2022-20941
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022927 // CNNVD: CNNVD-202211-2488 // NVD: CVE-2022-20941 // NVD: CVE-2022-20941

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.0

problemtype:CWE-331

Trust: 1.0

problemtype:CWE-334

Trust: 1.0

problemtype: Lack of entropy (CWE-331) [NVD evaluation]

Trust: 0.8

problemtype: Lack of authentication (CWE-862) [NVD evaluation]

Trust: 0.8

problemtype:CWE-330

Trust: 0.1

sources: VULHUB: VHN-405494 // JVNDB: JVNDB-2022-022927 // NVD: CVE-2022-20941

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2488

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202211-2488

PATCH

title: cisco-sa-fmc-info-disc-UghNRRhP // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-info-disc-UghNRRhP

Trust: 0.8

title: Cisco Firepower Management Center Fixing measures for security feature vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=215056

Trust: 0.6

sources: JVNDB: JVNDB-2022-022927 // CNNVD: CNNVD-202211-2488

EXTERNAL IDS

db: NVD // id: CVE-2022-20941

Trust: 3.3

db: JVNDB // id: JVNDB-2022-022927

Trust: 0.8

db: CNNVD // id: CNNVD-202211-2488

Trust: 0.6

db: VULHUB // id: VHN-405494

Trust: 0.1

sources: VULHUB: VHN-405494 // JVNDB: JVNDB-2022-022927 // CNNVD: CNNVD-202211-2488 // NVD: CVE-2022-20941

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2022-20941

Trust: 1.4

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-info-disc-ughnrrhp

Trust: 1.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-info-disc-ughnrrhp

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2022-20941/

Trust: 0.6

sources: VULHUB: VHN-405494 // JVNDB: JVNDB-2022-022927 // CNNVD: CNNVD-202211-2488 // NVD: CVE-2022-20941

SOURCES

db: VULHUB // id: VHN-405494
db: JVNDB // id: JVNDB-2022-022927
db: CNNVD // id: CNNVD-202211-2488
db: NVD // id: CVE-2022-20941

LAST UPDATE DATE

2024-08-14T15:37:19.100000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-405494 // date: 2022-11-21T00:00:00
db: JVNDB // id: JVNDB-2022-022927 // date: 2023-11-21T07:30:00
db: CNNVD // id: CNNVD-202211-2488 // date: 2022-11-22T00:00:00
db: NVD // id: CVE-2022-20941 // date: 2024-01-25T17:15:20.713

SOURCES RELEASE DATE

db: VULHUB // id: VHN-405494 // date: 2022-11-15T00:00:00
db: JVNDB // id: JVNDB-2022-022927 // date: 2023-11-21T00:00:00
db: CNNVD // id: CNNVD-202211-2488 // date: 2022-11-09T00:00:00
db: NVD // id: CVE-2022-20941 // date: 2022-11-15T21:15:34.877