Lucene search

[email protected]NVD:CVE-2022-20949

HistoryNov 15, 2022 - 9:15 p.m.

CVE-2022-20949

2022-11-1521:15:35

CWE-399

[email protected]

web.nvd.nist.gov

cisco firepower

threat defense

software

management web server

remote attacker

configuration commands

https endpoints

access restriction

exploit vulnerability

management center

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

35.9%

JSON

A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system.

This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software.

Affected configurations

Nvd

Node

ciscofirepower_threat_defenseRange6.1.0–6.1.0.7

ciscofirepower_threat_defenseRange6.2.0–6.2.0.6

ciscofirepower_threat_defenseRange6.2.2–6.2.2.5

ciscofirepower_threat_defenseRange6.2.3–6.2.3.18

ciscofirepower_threat_defenseRange6.3.0–6.3.0.5

ciscofirepower_threat_defenseRange6.4.0–6.4.0.15

ciscofirepower_threat_defenseRange6.5.0–6.5.0.5

ciscofirepower_threat_defenseRange6.6.0–6.6.5.2

ciscofirepower_threat_defenseRange6.7.0–6.7.0.3

ciscofirepower_threat_defenseRange7.0.0–7.0.3

ciscofirepower_threat_defenseMatch6.2.1

ciscofirepower_threat_defenseMatch7.1.0.0

ciscofirepower_threat_defenseMatch7.1.0.1

ciscofirepower_threat_defenseMatch7.1.0.2

ciscofirepower_threat_defenseMatch7.2.0

ciscofirepower_threat_defenseMatch7.2.0.1

VendorProductVersionCPE
ciscofirepower_threat_defense*cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
ciscofirepower_threat_defense6.2.1cpe:2.3:a:cisco:firepower_threat_defense:6.2.1:*:*:*:*:*:*:*
ciscofirepower_threat_defense7.1.0.0cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.0:*:*:*:*:*:*:*
ciscofirepower_threat_defense7.1.0.1cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*
ciscofirepower_threat_defense7.1.0.2cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*
ciscofirepower_threat_defense7.2.0cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*
ciscofirepower_threat_defense7.2.0.1cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	firepower_threat_defense	*	cpe:2.3:a:cisco:firepower_threat_defense::::::::
cisco	firepower_threat_defense	6.2.1	cpe:2.3:a:cisco:firepower_threat_defense:6.2.1:::::::*
cisco	firepower_threat_defense	7.1.0.0	cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.0:::::::*
cisco	firepower_threat_defense	7.1.0.1	cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:::::::*
cisco	firepower_threat_defense	7.1.0.2	cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:::::::*
cisco	firepower_threat_defense	7.2.0	cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:::::::*
cisco	firepower_threat_defense	7.2.0.1	cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:::::::*