cnvd - cnvd-2022-44686

cnvd-2022-44686

Vulnerability from cnvd

Title: Cisco Adaptive Security Appliance和Firepower Threat Defense拒绝服务漏洞（CNVD-2022-44686）

Description:

Cisco Firepower Threat Defense和Cisco Adaptive Security Appliances Software都是美国思科（Cisco）公司的产品。Cisco Firepower Threat Defense是一套提供下一代防火墙服务的统一软件。Cisco Adaptive Security Appliances Software是一套防火墙和网络安全平台。该平台提供了对数据和网络资源的高度安全的访问等功能。

Cisco Adaptive Security Appliance和Firepower Threat Defense存在拒绝服务漏洞，未经身份验证的远程攻击者可利用该漏洞导致受影响的设备重新启动，从而导致 DoS 条件。

Severity: 高

Patch Name: Cisco Adaptive Security Appliance和Firepower Threat Defense拒绝服务漏洞（CNVD-2022-44686）的补丁

Patch Description:

Cisco Adaptive Security Appliance和Firepower Threat Defense存在拒绝服务漏洞，未经身份验证的远程攻击者可利用该漏洞导致受影响的设备重新启动，从而导致 DoS 条件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA

Reference: https://vigilance.fr/vulnerability/Cisco-ASA-denial-of-service-via-Remote-Access-SSL-VPN-Logged-Errors-38170

Impacted products

Name
['Cisco Firepower Threat Defense 6.7.0', 'Cisco Firepower Threat Defense 7.0.0', 'Cisco Firepower Threat Defense 7.1.0', 'Cisco Adaptive Security Appliance <=9.7', 'Cisco Adaptive Security Appliance 9.8', 'Cisco Adaptive Security Appliance 9.9', 'Cisco Adaptive Security Appliance 9.10', 'Cisco Adaptive Security Appliance 9.12', 'Cisco Adaptive Security Appliance 9.13', 'Cisco Adaptive Security Appliance 9.14', 'Cisco Adaptive Security Appliance 9.15', 'Cisco Adaptive Security Appliance 9.16', 'Cisco Adaptive Security Appliance 9.17', 'Cisco Firepower Threat Defense <=6.2.2', 'Cisco Firepower Threat Defense 6.3.0', 'Cisco Firepower Threat Defense 6.4.0', 'Cisco Firepower Threat Defense 6.5.0', 'Cisco Firepower Threat Defense 6.6.0', 'Cisco Firepower Threat Defense 6.2.3']

Name

['Cisco Firepower Threat Defense 6.7.0', 'Cisco Firepower Threat Defense 7.0.0', 'Cisco Firepower Threat Defense 7.1.0', 'Cisco Adaptive Security Appliance <=9.7', 'Cisco Adaptive Security Appliance 9.8', 'Cisco Adaptive Security Appliance 9.9', 'Cisco Adaptive Security Appliance 9.10', 'Cisco Adaptive Security Appliance 9.12', 'Cisco Adaptive Security Appliance 9.13', 'Cisco Adaptive Security Appliance 9.14', 'Cisco Adaptive Security Appliance 9.15', 'Cisco Adaptive Security Appliance 9.16', 'Cisco Adaptive Security Appliance 9.17', 'Cisco Firepower Threat Defense <=6.2.2', 'Cisco Firepower Threat Defense 6.3.0', 'Cisco Firepower Threat Defense 6.4.0', 'Cisco Firepower Threat Defense 6.5.0', 'Cisco Firepower Threat Defense 6.6.0', 'Cisco Firepower Threat Defense 6.2.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-20715",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-20715"
    }
  },
  "description": "Cisco Firepower Threat Defense\u548cCisco Adaptive Security Appliances Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Firepower Threat Defense\u662f\u4e00\u5957\u63d0\u4f9b\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u670d\u52a1\u7684\u7edf\u4e00\u8f6f\u4ef6\u3002Cisco Adaptive Security Appliances Software\u662f\u4e00\u5957\u9632\u706b\u5899\u548c\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u4e86\u5bf9\u6570\u636e\u548c\u7f51\u7edc\u8d44\u6e90\u7684\u9ad8\u5ea6\u5b89\u5168\u7684\u8bbf\u95ee\u7b49\u529f\u80fd\u3002\n\nCisco Adaptive Security Appliance\u548cFirepower Threat Defense\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u91cd\u65b0\u542f\u52a8\uff0c\u4ece\u800c\u5bfc\u81f4 DoS \u6761\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-44686",
  "openTime": "2022-06-13",
  "patchDescription": "Cisco Firepower Threat Defense\u548cCisco Adaptive Security Appliances Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Firepower Threat Defense\u662f\u4e00\u5957\u63d0\u4f9b\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u670d\u52a1\u7684\u7edf\u4e00\u8f6f\u4ef6\u3002Cisco Adaptive Security Appliances Software\u662f\u4e00\u5957\u9632\u706b\u5899\u548c\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u4e86\u5bf9\u6570\u636e\u548c\u7f51\u7edc\u8d44\u6e90\u7684\u9ad8\u5ea6\u5b89\u5168\u7684\u8bbf\u95ee\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Adaptive Security Appliance\u548cFirepower Threat Defense\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u91cd\u65b0\u542f\u52a8\uff0c\u4ece\u800c\u5bfc\u81f4 DoS \u6761\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Adaptive Security Appliance\u548cFirepower Threat Defense\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2022-44686\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Firepower Threat Defense 6.7.0",
      "Cisco Firepower Threat Defense 7.0.0",
      "Cisco Firepower Threat Defense 7.1.0",
      "Cisco Adaptive Security Appliance \u003c=9.7",
      "Cisco Adaptive Security Appliance 9.8",
      "Cisco Adaptive Security Appliance 9.9",
      "Cisco Adaptive Security Appliance 9.10",
      "Cisco Adaptive Security Appliance 9.12",
      "Cisco Adaptive Security Appliance 9.13",
      "Cisco Adaptive Security Appliance 9.14",
      "Cisco Adaptive Security Appliance 9.15",
      "Cisco Adaptive Security Appliance 9.16",
      "Cisco Adaptive Security Appliance 9.17",
      "Cisco Firepower Threat Defense \u003c=6.2.2",
      "Cisco Firepower Threat Defense 6.3.0",
      "Cisco Firepower Threat Defense 6.4.0",
      "Cisco Firepower Threat Defense 6.5.0",
      "Cisco Firepower Threat Defense 6.6.0",
      "Cisco Firepower Threat Defense 6.2.3"
    ]
  },
  "referenceLink": "https://vigilance.fr/vulnerability/Cisco-ASA-denial-of-service-via-Remote-Access-SSL-VPN-Logged-Errors-38170",
  "serverity": "\u9ad8",
  "submitTime": "2022-04-29",
  "title": "Cisco Adaptive Security Appliance\u548cFirepower Threat Defense\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2022-44686\uff09"
}

CVE-2022-20715 (GCVE-0-2022-20715)

Vulnerability from cvelistv5

Published

2022-05-03 03:16

Modified

2024-09-16 17:19

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-399

Summary

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Adaptive Security Appliance (ASA) Software	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:49.269Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220427 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Adaptive Security Appliance (ASA) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-03T03:16:28",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220427 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asa-dos-tL4uA4AA",
        "defect": [
          [
            "CSCwa04461"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-04-27T16:00:00",
          "ID": "CVE-2022-20715",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Adaptive Security Appliance (ASA) Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220427 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-asa-dos-tL4uA4AA",
          "defect": [
            [
              "CSCwa04461"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20715",
    "datePublished": "2022-05-03T03:16:28.466114Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-09-16T17:19:10.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted