CVE-2022-20927

Published Nov 15, 2022

Last updated 10 months ago

CVSS medium 6.5

Overview

Description: A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
ykramarz@cisco.com: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D9AE545-A469-41C7-BD95-3CC80AF8067B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3255DB9E-85A5-48ED-90AA-6A7A55A0B1F5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02B6C9A0-B941-4C7C-BFE9-F1D837D5ADBC"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77E783FD-5D4B-4C4F-BBFE-1186EFDFEF3B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40145CFB-CEE8-4ABA-A9C2-BA262B7A9AEC"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23C82327-5362-4876-8058-EB51030CD5DD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C700CC9-E16F-4C05-915D-1CA39257ACCB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3ABDBB94-BA4F-4991-A703-0D7DDF999CBF"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D59B6947-1953-4C86-A76C-7A881CD3A502"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52D83C3A-ED0B-42D5-A08A-97D27E189875"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4187EFE-4D7E-4493-A6E0-24C98256CF79"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6730194F-5069-40AB-AE66-871D3992560C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E257F98-D1A0-4D28-9504-1749CC090D49"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FF1A5FC-73BE-4218-86D9-2E81FA64EABD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E492943-6EC0-4E34-9DBC-DD1C2CF1CDCC"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "589E46F3-8038-4B87-8C40-55C6268B82F2"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F3B73F6-139E-42DC-B895-DDD17B5A1138"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A2590E7-FE04-4B29-B36B-AABAA5F3B9AE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E4FD5E3-7E82-4294-8B05-D2045D857029"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E998A4A-5346-4CFA-A617-FD1106C6B7A1"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91265549-A16E-4A00-A031-4F1EB8D6881C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA3C316B-5485-4CDD-A1A1-6C0A9CB4719F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECE6D033-7B8B-4F61-B653-0C0EF13466EB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14441650-DAD5-4959-83DF-4D6F3D6A05FA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B21ABC9-A64B-43E4-8951-1E6C0F427DBB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A48EC041-322F-422D-B95B-0FC07BDA2B6B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA0B9B73-A9E6-4924-9EAE-B57E534938FD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "012812C4-EFF8-465F-A771-134BEB617CC9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E06141A9-8C37-445A-B58A-45739AFE7D4C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EDC09E5-51D3-4672-B910-B34A9CBD6128"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71ED7A71-81CB-444C-A4ED-EA4A58D5E73C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAD13331-0EB8-4C8D-85CC-D96CA9F829AE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7137F22B-F993-4620-9378-9412DAEA9EF6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "923A40E8-6456-4288-B9AB-DBF5F9C4246A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "171E1C5D-68C5-4BBC-AE18-D1518A1B7277",
            "versionEndIncluding": "6.5.0.5",
            "versionStartIncluding": "6.5.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1110632C-526F-4025-A7BE-0CF9F37E5F9E",
            "versionEndIncluding": "6.7.0.3",
            "versionStartIncluding": "6.7.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20AE4051-FA3B-4F0B-BD3D-083A14269FF6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_services_software_for_asa:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4C5EF69-498C-4433-8B86-91EB343C3F63"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References