CVE-2022-20854

Published Nov 15, 2022
Last updated 10 months ago
CVSS high 7.5
Overview

Description: A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device.
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH
Weaknesses

nvd@nist.gov: CWE-755
ykramarz@cisco.com: CWE-400
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AF743FF-E805-474C-B50B-92BD4C7AA0D4",
            "versionEndIncluding": "6.1.0.7",
            "versionStartIncluding": "6.1.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5E4CB53-CEC2-4BE8-96E1-A2C7631E529E",
            "versionEndIncluding": "6.2.0.6",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89269AE2-3D68-493A-B50A-03D42FB35D67",
            "versionEndIncluding": "6.2.2.5",
            "versionStartIncluding": "6.2.2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6BF3D02-3BA0-4736-B78D-3634E3E91623",
            "versionEndIncluding": "6.2.3.18",
            "versionStartIncluding": "6.2.3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AD39938-77FE-4CC2-A8FF-96EB92B70FC2",
            "versionEndIncluding": "6.3.0.5",
            "versionStartIncluding": "6.3.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A2C5E53-F923-4582-8C44-54FDDC4BBF02",
            "versionEndIncluding": "6.4.0.15",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3270D8B1-70B7-42B0-991E-0C14F1C3DDE9",
            "versionEndIncluding": "6.5.0.5",
            "versionStartIncluding": "6.5.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79C97BD3-D82A-493B-BCBB-9909ED80D084",
            "versionEndIncluding": "6.7.0.3",
            "versionStartIncluding": "6.7.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1895BC03-A0B4-4AE8-8EB5-DAFC913E4B2B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FEE4092-0EAD-48DA-92EB-82DD4EB43E49"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B8DF2E2-848A-4616-AEF0-1EFE68A900C1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "387E34BD-913B-4CB7-9230-81B283E92A9B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFE8B3DC-9865-4845-B989-FB41D6FE085E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC98B2C9-2F78-4DB5-97D7-78D584CEBE87"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44CEED06-6E18-4961-BD69-8BF3E7A6D59C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D815D562-D60A-4AD1-9243-8167B244882E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA91AC4A-77D5-4C41-BD63-4E8F3BA4FF84"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64116F5B-671C-46DB-A78D-AB14AAF946FD",
            "versionEndIncluding": "6.1.0.7",
            "versionStartIncluding": "6.1.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD237542-FED6-4013-AD9F-18891954FE05",
            "versionEndIncluding": "6.2.0.6",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F74A25A-601D-470D-BA43-EA68ADD266C6",
            "versionEndIncluding": "6.2.2.5",
            "versionStartIncluding": "6.2.2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D58D7217-F6F5-4B58-B59C-E5C8781C87A9",
            "versionEndIncluding": "6.2.3.18",
            "versionStartIncluding": "6.2.3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDE0C110-518D-4E51-BCEB-F4E9FC448278",
            "versionEndIncluding": "6.3.0.5",
            "versionStartIncluding": "6.3.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "874E0E13-4A9E-4296-BEE6-F5B1077411A0",
            "versionEndIncluding": "6.4.0.15",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "171E1C5D-68C5-4BBC-AE18-D1518A1B7277",
            "versionEndIncluding": "6.5.0.5",
            "versionStartIncluding": "6.5.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1110632C-526F-4025-A7BE-0CF9F37E5F9E",
            "versionEndIncluding": "6.7.0.3",
            "versionStartIncluding": "6.7.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD48BE40-C647-429A-81B6-59E125BBE415"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20AE4051-FA3B-4F0B-BD3D-083A14269FF6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC411A8D-CD39-46F5-B8FC-6753E618FAEC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "046B53A0-6BC1-461A-9C28-C534CE12C4BD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CA889E1-4E8F-4ECE-88AC-7A240D5CBF0A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D1C767F-3E06-43B7-A0CC-D51D97A053EB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43A950B0-A7CA-4CE7-A393-A18C8C41B08E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7E221CB-BD0F-4AEE-8646-998B75647714"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "225382DE-2919-48F4-9CC0-DE685EAAFDF4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
