Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Cisco FirePOWER Services Software for ASA by Cisco

    CVE-2022-20928 (GCVE-0-2022-20928)

    Vulnerability from nvd – Published: 2022-11-10 17:36 – Updated: 2024-08-03 02:31
    VLAI
    Summary
    A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. An attacker could exploit this vulnerability by sending a crafted packet during a VPN authentication. The attacker must have valid credentials to establish a VPN connection. A successful exploit could allow the attacker to establish a VPN connection with access privileges from a different user.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Adaptive Security Appliance (ASA) Software Affected: 9.8.1
    Affected: 9.8.1.5
    Affected: 9.8.1.7
    Affected: 9.8.2
    Affected: 9.8.2.8
    Affected: 9.8.2.14
    Affected: 9.8.2.15
    Affected: 9.8.2.17
    Affected: 9.8.2.20
    Affected: 9.8.2.24
    Affected: 9.8.2.26
    Affected: 9.8.2.28
    Affected: 9.8.2.33
    Affected: 9.8.2.35
    Affected: 9.8.2.38
    Affected: 9.8.3.8
    Affected: 9.8.3.11
    Affected: 9.8.3.14
    Affected: 9.8.3.16
    Affected: 9.8.3.18
    Affected: 9.8.3.21
    Affected: 9.8.3
    Affected: 9.8.3.26
    Affected: 9.8.3.29
    Affected: 9.8.4
    Affected: 9.8.4.3
    Affected: 9.8.4.7
    Affected: 9.8.4.8
    Affected: 9.8.4.10
    Affected: 9.8.4.12
    Affected: 9.8.4.15
    Affected: 9.8.4.17
    Affected: 9.8.4.25
    Affected: 9.8.4.20
    Affected: 9.8.4.22
    Affected: 9.8.4.26
    Affected: 9.8.4.29
    Affected: 9.8.4.32
    Affected: 9.8.4.33
    Affected: 9.8.4.34
    Affected: 9.8.4.35
    Affected: 9.8.4.39
    Affected: 9.8.4.40
    Affected: 9.8.4.41
    Affected: 9.8.4.43
    Affected: 9.8.4.44
    Affected: 9.8.4.45
    Affected: 9.12.1
    Affected: 9.12.1.2
    Affected: 9.12.1.3
    Affected: 9.12.2
    Affected: 9.12.2.4
    Affected: 9.12.2.5
    Affected: 9.12.2.9
    Affected: 9.12.3
    Affected: 9.12.3.2
    Affected: 9.12.3.7
    Affected: 9.12.4
    Affected: 9.12.3.12
    Affected: 9.12.3.9
    Affected: 9.12.2.1
    Affected: 9.12.4.2
    Affected: 9.12.4.4
    Affected: 9.12.4.7
    Affected: 9.12.4.10
    Affected: 9.12.4.13
    Affected: 9.12.4.8
    Affected: 9.12.4.18
    Affected: 9.12.4.24
    Affected: 9.12.4.26
    Affected: 9.12.4.29
    Affected: 9.12.4.30
    Affected: 9.12.4.35
    Affected: 9.12.4.37
    Affected: 9.12.4.38
    Affected: 9.12.4.39
    Affected: 9.14.1
    Affected: 9.14.1.10
    Affected: 9.14.1.6
    Affected: 9.14.1.15
    Affected: 9.14.1.19
    Affected: 9.14.1.30
    Affected: 9.14.2
    Affected: 9.14.2.4
    Affected: 9.14.2.8
    Affected: 9.14.2.13
    Affected: 9.14.2.15
    Affected: 9.14.3
    Affected: 9.14.3.1
    Affected: 9.14.3.9
    Affected: 9.14.3.11
    Affected: 9.14.3.13
    Affected: 9.14.3.18
    Affected: 9.14.3.15
    Affected: 9.14.4
    Affected: 9.14.4.6
    Affected: 9.15.1
    Affected: 9.15.1.7
    Affected: 9.15.1.10
    Affected: 9.15.1.15
    Affected: 9.15.1.16
    Affected: 9.15.1.17
    Affected: 9.15.1.1
    Affected: 9.15.1.21
    Affected: 9.16.1
    Affected: 9.16.1.28
    Affected: 9.16.2
    Affected: 9.16.2.3
    Affected: 9.16.2.7
    Affected: 9.16.2.11
    Affected: 9.16.2.13
    Affected: 9.16.2.14
    Affected: 9.17.1
    Affected: 9.17.1.7
    Create a notification for this product.
    Cisco Cisco Firepower Threat Defense Software Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.8
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.9
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Create a notification for this product.
    Cisco Cisco FirePOWER Services Software for ASA Affected: N/A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:58.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-asa-ftd-vp-authz-N2GckjN6",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vp-authz-N2GckjN6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Adaptive Security Appliance (ASA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.8.1"
                },
                {
                  "status": "affected",
                  "version": "9.8.1.5"
                },
                {
                  "status": "affected",
                  "version": "9.8.1.7"
                },
                {
                  "status": "affected",
                  "version": "9.8.2"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.8"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.14"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.15"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.17"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.20"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.24"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.26"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.28"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.33"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.35"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.38"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.8"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.11"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.14"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.16"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.18"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.21"
                },
                {
                  "status": "affected",
                  "version": "9.8.3"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.26"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.29"
                },
                {
                  "status": "affected",
                  "version": "9.8.4"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.3"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.7"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.8"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.10"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.12"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.15"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.17"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.25"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.20"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.22"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.26"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.29"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.32"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.33"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.34"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.35"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.39"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.40"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.41"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.43"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.44"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.45"
                },
                {
                  "status": "affected",
                  "version": "9.12.1"
                },
                {
                  "status": "affected",
                  "version": "9.12.1.2"
                },
                {
                  "status": "affected",
                  "version": "9.12.1.3"
                },
                {
                  "status": "affected",
                  "version": "9.12.2"
                },
                {
                  "status": "affected",
                  "version": "9.12.2.4"
                },
                {
                  "status": "affected",
                  "version": "9.12.2.5"
                },
                {
                  "status": "affected",
                  "version": "9.12.2.9"
                },
                {
                  "status": "affected",
                  "version": "9.12.3"
                },
                {
                  "status": "affected",
                  "version": "9.12.3.2"
                },
                {
                  "status": "affected",
                  "version": "9.12.3.7"
                },
                {
                  "status": "affected",
                  "version": "9.12.4"
                },
                {
                  "status": "affected",
                  "version": "9.12.3.12"
                },
                {
                  "status": "affected",
                  "version": "9.12.3.9"
                },
                {
                  "status": "affected",
                  "version": "9.12.2.1"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.2"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.4"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.7"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.10"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.13"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.8"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.18"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.24"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.26"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.29"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.30"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.35"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.37"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.38"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.39"
                },
                {
                  "status": "affected",
                  "version": "9.14.1"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.10"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.6"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.15"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.19"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.30"
                },
                {
                  "status": "affected",
                  "version": "9.14.2"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.4"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.8"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.13"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.15"
                },
                {
                  "status": "affected",
                  "version": "9.14.3"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.1"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.9"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.11"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.13"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.18"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.15"
                },
                {
                  "status": "affected",
                  "version": "9.14.4"
                },
                {
                  "status": "affected",
                  "version": "9.14.4.6"
                },
                {
                  "status": "affected",
                  "version": "9.15.1"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.7"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.10"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.15"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.16"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.17"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.1"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.21"
                },
                {
                  "status": "affected",
                  "version": "9.16.1"
                },
                {
                  "status": "affected",
                  "version": "9.16.1.28"
                },
                {
                  "status": "affected",
                  "version": "9.16.2"
                },
                {
                  "status": "affected",
                  "version": "9.16.2.3"
                },
                {
                  "status": "affected",
                  "version": "9.16.2.7"
                },
                {
                  "status": "affected",
                  "version": "9.16.2.11"
                },
                {
                  "status": "affected",
                  "version": "9.16.2.13"
                },
                {
                  "status": "affected",
                  "version": "9.16.2.14"
                },
                {
                  "status": "affected",
                  "version": "9.17.1"
                },
                {
                  "status": "affected",
                  "version": "9.17.1.7"
                }
              ]
            },
            {
              "product": "Cisco Firepower Threat Defense Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                }
              ]
            },
            {
              "product": "Cisco FirePOWER Services Software for ASA",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user.\r\n\r This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. An attacker could exploit this vulnerability by sending a crafted packet during a VPN authentication. The attacker must have valid credentials to establish a VPN connection. A successful exploit could allow the attacker to establish a VPN connection with access privileges from a different user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:15.104Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-asa-ftd-vp-authz-N2GckjN6",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vp-authz-N2GckjN6"
            }
          ],
          "source": {
            "advisory": "cisco-sa-asa-ftd-vp-authz-N2GckjN6",
            "defects": [
              "CSCwa81795"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20928",
        "datePublished": "2022-11-10T17:36:54.157Z",
        "dateReserved": "2021-11-02T13:28:29.191Z",
        "dateUpdated": "2024-08-03T02:31:58.644Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20927 (GCVE-0-2022-20927)

    Vulnerability from nvd – Published: 2022-11-10 17:30 – Updated: 2024-08-03 02:31
    VLAI
    Summary
    A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Adaptive Security Appliance (ASA) Software Affected: 9.14.1
    Affected: 9.14.1.10
    Affected: 9.14.1.15
    Affected: 9.14.1.19
    Affected: 9.14.1.30
    Affected: 9.14.2
    Affected: 9.14.2.4
    Affected: 9.14.2.8
    Affected: 9.14.2.13
    Affected: 9.14.2.15
    Affected: 9.14.3
    Affected: 9.14.3.1
    Affected: 9.14.3.9
    Affected: 9.14.3.11
    Affected: 9.14.3.13
    Affected: 9.14.3.18
    Affected: 9.14.3.15
    Affected: 9.15.1
    Affected: 9.15.1.7
    Affected: 9.15.1.10
    Affected: 9.15.1.15
    Affected: 9.15.1.16
    Affected: 9.15.1.17
    Affected: 9.15.1.1
    Affected: 9.15.1.21
    Create a notification for this product.
    Cisco Cisco Firepower Threat Defense Software Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Create a notification for this product.
    Cisco Cisco FirePOWER Services Software for ASA Affected: N/A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ssl-client-dos-cCrQPkA",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Adaptive Security Appliance (ASA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.14.1"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.10"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.15"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.19"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.30"
                },
                {
                  "status": "affected",
                  "version": "9.14.2"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.4"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.8"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.13"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.15"
                },
                {
                  "status": "affected",
                  "version": "9.14.3"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.1"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.9"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.11"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.13"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.18"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.15"
                },
                {
                  "status": "affected",
                  "version": "9.15.1"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.7"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.10"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.15"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.16"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.17"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.1"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.21"
                }
              ]
            },
            {
              "product": "Cisco Firepower Threat Defense Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                }
              ]
            },
            {
              "product": "Cisco FirePOWER Services Software for ASA",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:14.790Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ssl-client-dos-cCrQPkA",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ssl-client-dos-cCrQPkA",
            "defects": [
              "CSCvz98540"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20927",
        "datePublished": "2022-11-10T17:30:39.182Z",
        "dateReserved": "2021-11-02T13:28:29.191Z",
        "dateUpdated": "2024-08-03T02:31:59.588Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20918 (GCVE-0-2022-20918)

    Vulnerability from nvd – Published: 2022-11-10 17:29 – Updated: 2024-08-03 02:31
    VLAI
    Summary
    A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Create a notification for this product.
    Cisco Cisco FirePOWER Services Software for ASA Affected: N/A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:57.397Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-fmcsfr-snmp-access-6gqgtJ4S",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcsfr-snmp-access-6gqgtJ4S"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                }
              ]
            },
            {
              "product": "Cisco FirePOWER Services Software for ASA",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential.\r\n\r This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential.\r\n\r This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:13.186Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmcsfr-snmp-access-6gqgtJ4S",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcsfr-snmp-access-6gqgtJ4S"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmcsfr-snmp-access-6gqgtJ4S",
            "defects": [
              "CSCwa97541"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20918",
        "datePublished": "2022-11-10T17:29:53.489Z",
        "dateReserved": "2021-11-02T13:28:29.189Z",
        "dateUpdated": "2024-08-03T02:31:57.397Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20828 (GCVE-0-2022-20828)

    Vulnerability from nvd – Published: 2022-06-24 15:25 – Updated: 2024-11-01 19:00
    VLAI
    Title
    Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
    Summary
    A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-06-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:50.067Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:42:47.498802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T19:00:55.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco FirePOWER Services Software for ASA",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-06-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-236",
                  "description": "CWE-236",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-05T16:06:12.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"
            }
          ],
          "source": {
            "advisory": "cisco-sa-asasfr-cmd-inject-PE4GfdG",
            "defect": [
              [
                "CSCwb32418"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-06-22T23:00:00",
              "ID": "CVE-2022-20828",
              "STATE": "PUBLIC",
              "TITLE": "Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco FirePOWER Services Software for ASA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-236"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"
                },
                {
                  "name": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/",
                  "refsource": "MISC",
                  "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-asasfr-cmd-inject-PE4GfdG",
              "defect": [
                [
                  "CSCwb32418"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20828",
        "datePublished": "2022-06-24T15:25:16.277Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-01T19:00:55.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20928 (GCVE-0-2022-20928)

    Vulnerability from cvelistv5 – Published: 2022-11-10 17:36 – Updated: 2024-08-03 02:31
    VLAI
    Summary
    A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. An attacker could exploit this vulnerability by sending a crafted packet during a VPN authentication. The attacker must have valid credentials to establish a VPN connection. A successful exploit could allow the attacker to establish a VPN connection with access privileges from a different user.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Adaptive Security Appliance (ASA) Software Affected: 9.8.1
    Affected: 9.8.1.5
    Affected: 9.8.1.7
    Affected: 9.8.2
    Affected: 9.8.2.8
    Affected: 9.8.2.14
    Affected: 9.8.2.15
    Affected: 9.8.2.17
    Affected: 9.8.2.20
    Affected: 9.8.2.24
    Affected: 9.8.2.26
    Affected: 9.8.2.28
    Affected: 9.8.2.33
    Affected: 9.8.2.35
    Affected: 9.8.2.38
    Affected: 9.8.3.8
    Affected: 9.8.3.11
    Affected: 9.8.3.14
    Affected: 9.8.3.16
    Affected: 9.8.3.18
    Affected: 9.8.3.21
    Affected: 9.8.3
    Affected: 9.8.3.26
    Affected: 9.8.3.29
    Affected: 9.8.4
    Affected: 9.8.4.3
    Affected: 9.8.4.7
    Affected: 9.8.4.8
    Affected: 9.8.4.10
    Affected: 9.8.4.12
    Affected: 9.8.4.15
    Affected: 9.8.4.17
    Affected: 9.8.4.25
    Affected: 9.8.4.20
    Affected: 9.8.4.22
    Affected: 9.8.4.26
    Affected: 9.8.4.29
    Affected: 9.8.4.32
    Affected: 9.8.4.33
    Affected: 9.8.4.34
    Affected: 9.8.4.35
    Affected: 9.8.4.39
    Affected: 9.8.4.40
    Affected: 9.8.4.41
    Affected: 9.8.4.43
    Affected: 9.8.4.44
    Affected: 9.8.4.45
    Affected: 9.12.1
    Affected: 9.12.1.2
    Affected: 9.12.1.3
    Affected: 9.12.2
    Affected: 9.12.2.4
    Affected: 9.12.2.5
    Affected: 9.12.2.9
    Affected: 9.12.3
    Affected: 9.12.3.2
    Affected: 9.12.3.7
    Affected: 9.12.4
    Affected: 9.12.3.12
    Affected: 9.12.3.9
    Affected: 9.12.2.1
    Affected: 9.12.4.2
    Affected: 9.12.4.4
    Affected: 9.12.4.7
    Affected: 9.12.4.10
    Affected: 9.12.4.13
    Affected: 9.12.4.8
    Affected: 9.12.4.18
    Affected: 9.12.4.24
    Affected: 9.12.4.26
    Affected: 9.12.4.29
    Affected: 9.12.4.30
    Affected: 9.12.4.35
    Affected: 9.12.4.37
    Affected: 9.12.4.38
    Affected: 9.12.4.39
    Affected: 9.14.1
    Affected: 9.14.1.10
    Affected: 9.14.1.6
    Affected: 9.14.1.15
    Affected: 9.14.1.19
    Affected: 9.14.1.30
    Affected: 9.14.2
    Affected: 9.14.2.4
    Affected: 9.14.2.8
    Affected: 9.14.2.13
    Affected: 9.14.2.15
    Affected: 9.14.3
    Affected: 9.14.3.1
    Affected: 9.14.3.9
    Affected: 9.14.3.11
    Affected: 9.14.3.13
    Affected: 9.14.3.18
    Affected: 9.14.3.15
    Affected: 9.14.4
    Affected: 9.14.4.6
    Affected: 9.15.1
    Affected: 9.15.1.7
    Affected: 9.15.1.10
    Affected: 9.15.1.15
    Affected: 9.15.1.16
    Affected: 9.15.1.17
    Affected: 9.15.1.1
    Affected: 9.15.1.21
    Affected: 9.16.1
    Affected: 9.16.1.28
    Affected: 9.16.2
    Affected: 9.16.2.3
    Affected: 9.16.2.7
    Affected: 9.16.2.11
    Affected: 9.16.2.13
    Affected: 9.16.2.14
    Affected: 9.17.1
    Affected: 9.17.1.7
    Create a notification for this product.
    Cisco Cisco Firepower Threat Defense Software Affected: 6.2.3
    Affected: 6.2.3.1
    Affected: 6.2.3.2
    Affected: 6.2.3.3
    Affected: 6.2.3.4
    Affected: 6.2.3.5
    Affected: 6.2.3.6
    Affected: 6.2.3.7
    Affected: 6.2.3.8
    Affected: 6.2.3.10
    Affected: 6.2.3.11
    Affected: 6.2.3.9
    Affected: 6.2.3.12
    Affected: 6.2.3.13
    Affected: 6.2.3.14
    Affected: 6.2.3.15
    Affected: 6.2.3.16
    Affected: 6.2.3.17
    Affected: 6.2.3.18
    Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.4.0
    Affected: 6.4.0.1
    Affected: 6.4.0.3
    Affected: 6.4.0.2
    Affected: 6.4.0.4
    Affected: 6.4.0.5
    Affected: 6.4.0.6
    Affected: 6.4.0.7
    Affected: 6.4.0.8
    Affected: 6.4.0.9
    Affected: 6.4.0.10
    Affected: 6.4.0.11
    Affected: 6.4.0.12
    Affected: 6.4.0.13
    Affected: 6.4.0.14
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.1.0
    Affected: 7.1.0.1
    Affected: 7.1.0.2
    Create a notification for this product.
    Cisco Cisco FirePOWER Services Software for ASA Affected: N/A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:58.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-asa-ftd-vp-authz-N2GckjN6",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vp-authz-N2GckjN6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Adaptive Security Appliance (ASA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.8.1"
                },
                {
                  "status": "affected",
                  "version": "9.8.1.5"
                },
                {
                  "status": "affected",
                  "version": "9.8.1.7"
                },
                {
                  "status": "affected",
                  "version": "9.8.2"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.8"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.14"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.15"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.17"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.20"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.24"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.26"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.28"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.33"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.35"
                },
                {
                  "status": "affected",
                  "version": "9.8.2.38"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.8"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.11"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.14"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.16"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.18"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.21"
                },
                {
                  "status": "affected",
                  "version": "9.8.3"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.26"
                },
                {
                  "status": "affected",
                  "version": "9.8.3.29"
                },
                {
                  "status": "affected",
                  "version": "9.8.4"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.3"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.7"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.8"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.10"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.12"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.15"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.17"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.25"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.20"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.22"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.26"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.29"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.32"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.33"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.34"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.35"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.39"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.40"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.41"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.43"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.44"
                },
                {
                  "status": "affected",
                  "version": "9.8.4.45"
                },
                {
                  "status": "affected",
                  "version": "9.12.1"
                },
                {
                  "status": "affected",
                  "version": "9.12.1.2"
                },
                {
                  "status": "affected",
                  "version": "9.12.1.3"
                },
                {
                  "status": "affected",
                  "version": "9.12.2"
                },
                {
                  "status": "affected",
                  "version": "9.12.2.4"
                },
                {
                  "status": "affected",
                  "version": "9.12.2.5"
                },
                {
                  "status": "affected",
                  "version": "9.12.2.9"
                },
                {
                  "status": "affected",
                  "version": "9.12.3"
                },
                {
                  "status": "affected",
                  "version": "9.12.3.2"
                },
                {
                  "status": "affected",
                  "version": "9.12.3.7"
                },
                {
                  "status": "affected",
                  "version": "9.12.4"
                },
                {
                  "status": "affected",
                  "version": "9.12.3.12"
                },
                {
                  "status": "affected",
                  "version": "9.12.3.9"
                },
                {
                  "status": "affected",
                  "version": "9.12.2.1"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.2"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.4"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.7"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.10"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.13"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.8"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.18"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.24"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.26"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.29"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.30"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.35"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.37"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.38"
                },
                {
                  "status": "affected",
                  "version": "9.12.4.39"
                },
                {
                  "status": "affected",
                  "version": "9.14.1"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.10"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.6"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.15"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.19"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.30"
                },
                {
                  "status": "affected",
                  "version": "9.14.2"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.4"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.8"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.13"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.15"
                },
                {
                  "status": "affected",
                  "version": "9.14.3"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.1"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.9"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.11"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.13"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.18"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.15"
                },
                {
                  "status": "affected",
                  "version": "9.14.4"
                },
                {
                  "status": "affected",
                  "version": "9.14.4.6"
                },
                {
                  "status": "affected",
                  "version": "9.15.1"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.7"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.10"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.15"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.16"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.17"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.1"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.21"
                },
                {
                  "status": "affected",
                  "version": "9.16.1"
                },
                {
                  "status": "affected",
                  "version": "9.16.1.28"
                },
                {
                  "status": "affected",
                  "version": "9.16.2"
                },
                {
                  "status": "affected",
                  "version": "9.16.2.3"
                },
                {
                  "status": "affected",
                  "version": "9.16.2.7"
                },
                {
                  "status": "affected",
                  "version": "9.16.2.11"
                },
                {
                  "status": "affected",
                  "version": "9.16.2.13"
                },
                {
                  "status": "affected",
                  "version": "9.16.2.14"
                },
                {
                  "status": "affected",
                  "version": "9.17.1"
                },
                {
                  "status": "affected",
                  "version": "9.17.1.7"
                }
              ]
            },
            {
              "product": "Cisco Firepower Threat Defense Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.8"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.11"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.12"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.13"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.15"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.16"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.17"
                },
                {
                  "status": "affected",
                  "version": "6.2.3.18"
                },
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.10"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.12"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.13"
                },
                {
                  "status": "affected",
                  "version": "6.4.0.14"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.2"
                }
              ]
            },
            {
              "product": "Cisco FirePOWER Services Software for ASA",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user.\r\n\r This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. An attacker could exploit this vulnerability by sending a crafted packet during a VPN authentication. The attacker must have valid credentials to establish a VPN connection. A successful exploit could allow the attacker to establish a VPN connection with access privileges from a different user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:15.104Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-asa-ftd-vp-authz-N2GckjN6",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vp-authz-N2GckjN6"
            }
          ],
          "source": {
            "advisory": "cisco-sa-asa-ftd-vp-authz-N2GckjN6",
            "defects": [
              "CSCwa81795"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20928",
        "datePublished": "2022-11-10T17:36:54.157Z",
        "dateReserved": "2021-11-02T13:28:29.191Z",
        "dateUpdated": "2024-08-03T02:31:58.644Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20927 (GCVE-0-2022-20927)

    Vulnerability from cvelistv5 – Published: 2022-11-10 17:30 – Updated: 2024-08-03 02:31
    VLAI
    Summary
    A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Adaptive Security Appliance (ASA) Software Affected: 9.14.1
    Affected: 9.14.1.10
    Affected: 9.14.1.15
    Affected: 9.14.1.19
    Affected: 9.14.1.30
    Affected: 9.14.2
    Affected: 9.14.2.4
    Affected: 9.14.2.8
    Affected: 9.14.2.13
    Affected: 9.14.2.15
    Affected: 9.14.3
    Affected: 9.14.3.1
    Affected: 9.14.3.9
    Affected: 9.14.3.11
    Affected: 9.14.3.13
    Affected: 9.14.3.18
    Affected: 9.14.3.15
    Affected: 9.15.1
    Affected: 9.15.1.7
    Affected: 9.15.1.10
    Affected: 9.15.1.15
    Affected: 9.15.1.16
    Affected: 9.15.1.17
    Affected: 9.15.1.1
    Affected: 9.15.1.21
    Create a notification for this product.
    Cisco Cisco Firepower Threat Defense Software Affected: 6.6.0
    Affected: 6.6.0.1
    Affected: 6.6.1
    Affected: 6.6.3
    Affected: 6.6.4
    Affected: 6.6.5
    Affected: 6.6.5.1
    Affected: 6.6.5.2
    Affected: 6.7.0
    Affected: 6.7.0.1
    Affected: 6.7.0.2
    Affected: 6.7.0.3
    Create a notification for this product.
    Cisco Cisco FirePOWER Services Software for ASA Affected: N/A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ssl-client-dos-cCrQPkA",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Adaptive Security Appliance (ASA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.14.1"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.10"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.15"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.19"
                },
                {
                  "status": "affected",
                  "version": "9.14.1.30"
                },
                {
                  "status": "affected",
                  "version": "9.14.2"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.4"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.8"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.13"
                },
                {
                  "status": "affected",
                  "version": "9.14.2.15"
                },
                {
                  "status": "affected",
                  "version": "9.14.3"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.1"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.9"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.11"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.13"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.18"
                },
                {
                  "status": "affected",
                  "version": "9.14.3.15"
                },
                {
                  "status": "affected",
                  "version": "9.15.1"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.7"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.10"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.15"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.16"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.17"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.1"
                },
                {
                  "status": "affected",
                  "version": "9.15.1.21"
                }
              ]
            },
            {
              "product": "Cisco Firepower Threat Defense Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.3"
                },
                {
                  "status": "affected",
                  "version": "6.6.4"
                },
                {
                  "status": "affected",
                  "version": "6.6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "6.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.7.0.3"
                }
              ]
            },
            {
              "product": "Cisco FirePOWER Services Software for ASA",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:14.790Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ssl-client-dos-cCrQPkA",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ssl-client-dos-cCrQPkA",
            "defects": [
              "CSCvz98540"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20927",
        "datePublished": "2022-11-10T17:30:39.182Z",
        "dateReserved": "2021-11-02T13:28:29.191Z",
        "dateUpdated": "2024-08-03T02:31:59.588Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20918 (GCVE-0-2022-20918)

    Vulnerability from cvelistv5 – Published: 2022-11-10 17:29 – Updated: 2024-08-03 02:31
    VLAI
    Summary
    A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Firepower Management Center Affected: 7.0.0
    Affected: 7.0.0.1
    Affected: 7.0.1
    Affected: 7.0.1.1
    Affected: 7.0.2
    Affected: 7.0.2.1
    Affected: 7.0.3
    Affected: 7.0.4
    Create a notification for this product.
    Cisco Cisco FirePOWER Services Software for ASA Affected: N/A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:57.397Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-fmcsfr-snmp-access-6gqgtJ4S",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcsfr-snmp-access-6gqgtJ4S"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Firepower Management Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                }
              ]
            },
            {
              "product": "Cisco FirePOWER Services Software for ASA",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential.\r\n\r This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential.\r\n\r This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:13.186Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-fmcsfr-snmp-access-6gqgtJ4S",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcsfr-snmp-access-6gqgtJ4S"
            }
          ],
          "source": {
            "advisory": "cisco-sa-fmcsfr-snmp-access-6gqgtJ4S",
            "defects": [
              "CSCwa97541"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20918",
        "datePublished": "2022-11-10T17:29:53.489Z",
        "dateReserved": "2021-11-02T13:28:29.189Z",
        "dateUpdated": "2024-08-03T02:31:57.397Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20828 (GCVE-0-2022-20828)

    Vulnerability from cvelistv5 – Published: 2022-06-24 15:25 – Updated: 2024-11-01 19:00
    VLAI
    Title
    Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
    Summary
    A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-06-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:50.067Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:42:47.498802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T19:00:55.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco FirePOWER Services Software for ASA",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-06-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-236",
                  "description": "CWE-236",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-05T16:06:12.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"
            }
          ],
          "source": {
            "advisory": "cisco-sa-asasfr-cmd-inject-PE4GfdG",
            "defect": [
              [
                "CSCwb32418"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-06-22T23:00:00",
              "ID": "CVE-2022-20828",
              "STATE": "PUBLIC",
              "TITLE": "Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco FirePOWER Services Software for ASA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-236"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220622 Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG"
                },
                {
                  "name": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/",
                  "refsource": "MISC",
                  "url": "https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168256/Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection.html"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-asasfr-cmd-inject-PE4GfdG",
              "defect": [
                [
                  "CSCwb32418"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20828",
        "datePublished": "2022-06-24T15:25:16.277Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-01T19:00:55.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }