
Rewterz Threat Advisory – Multiple Cisco Vulnerabilities

April 29, 2022

Severity

Medium

Analysis Summary

CVE-2022-20767, CVSS 8.6

Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by improper handling of the DNS reputation enforcement rule in the Snort rule evaluation function. By sending specially crafted UDP packets, a remote attacker could exploit this vulnerability to cause traffic that is going through the affected device to be dropped.

CVE-2022-20760, CVSS 8.6


Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software are vulnerable to a denial of service, caused by improper processing of incoming requests in the DNS inspection handler. By sending specially crafted DNS requests at a high rate to an affected device, a remote attacker could exploit this vulnerability to cause the device to stop responding.

CVE-2022-20757, CVSS 8.6


Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by improper traffic handling when platform limits are reached. By sending a high rate of UDP traffic through an affected device, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-20751, CVSS 8.6


Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by insufficient memory management for certain Snort events. By sending a series of specially crafted IP packets that would generate specific Snort events on an affected device, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-20748, CVSS 5.3


Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by insufficient error handling in the local malware analysis process of an affected device. By sending a specially crafted file through the device, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-20746, CVSS 8.6


Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by the improper handling of TCP flows by the TCP Proxy functionality. By sending a specially crafted stream of TCP traffic, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-20745, CVSS 8.6


Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software are vulnerable to a denial of service, caused by improper input validation in the web services interface when parsing HTTPS requests. By sending a specially-crafted HTTPS request, a remote attacker could exploit this vulnerability to cause the device to reload.

CVE-2022-20744, CVSS 4.3


Cisco Firepower Management Center Software could allow a remote authenticated attacker to obtain sensitive information, caused by a protection mechanism that relies on the existence of values of a specific input in the input protection. By modifying the input and sending a specially crafted request, an attacker could exploit this vulnerability to view data without proper authorization.

CVE-2022-20740, CVSS 6.1


Cisco Firepower Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-20730, CVSS 4


Cisco Firepower Threat Defense Software could allow a remote attacker to bypass security restrictions, caused by improper feed update processing. By sending specially crafted traffic, an attacker could exploit this vulnerability to bypass device controls and successfully send traffic to devices that are expected to be protected.

CVE-2022-20759, CVSS 8.8


could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper separation of authentication and authorization scopes. By sending specially crafted HTTPS messages to the web services interface, an authenticated attacker could exploit this vulnerability to gain privilege level 15 access to the web management interface.

CVE-2022-20743, CVSS 6.5


Cisco Firepower Management Center could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.

CVE-2022-20729, CVSS 4.4


Cisco Firepower Threat Defense Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by an XML injection flaw in the command parser. By including specially crafted input in commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2022-20627, CVSS 5.4


Cisco Firepower Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-20628, CVSS 5.4


Cisco Firepower Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-20629, CVSS 5.4


Cisco Firepower Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-20715, CVSS 8.6


Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software are vulnerable to a denial of service, caused by improper validation of errors in remote access SSL VPN features. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the device to restart.

CVE-2022-20737, CVSS 8.5


Cisco Adaptive Security Appliance Software is vulnerable to a denial of service, caused by insufficient bounds checking when parsing specific HTTP authentication messages. By sending malicious traffic to an affected device acting as a VPN Gateway, a remote authenticated attacker could exploit this vulnerability to cause the device to reload or to retrieve bytes from the device process memory.

CVE-2022-20742, CVSS 7.4


Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software could allow a remote attacker to obtain sensitive information, caused by improper implementation of Galois/Counter Mode (GCM) ciphers. By intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption, a remote attacker could exploit this vulnerability to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel.

Impact

  • Denial of Service
  • Obtain Information
  • Cross-Site Scripting
  • Bypass Security
  • Gain Access

Indicators Of Compromise

CVE

  • CVE-2022-20767
  • CVE-2022-20760
  • CVE-2022-20759
  • CVE-2022-20757
  • CVE-2022-20751
  • CVE-2022-20748
  • CVE-2022-20746
  • CVE-2022-20745
  • CVE-2022-20744
  • CVE-2022-20743
  • CVE-2022-20742
  • CVE-2022-20740
  • CVE-2022-20737
  • CVE-2022-20730
  • CVE-2022-20729
  • CVE-2022-20715
  • CVE-2022-20629
  • CVE-2022-20628
  • CVE-2022-20627

Affected Vendors

  • Cisco

Affected Products

  • Cisco Adaptive Security Appliance Software 7.0
  • Cisco Adaptive Security Appliance Software 7.0.1
  • Cisco Adaptive Security Appliance Software 7.0.1.4
  • Cisco Adaptive Security Appliance Software 7.0.2
  • Cisco Adaptive Security Appliance Software 7.0.4
  • Cisco Adaptive Security Appliance Software 7.0.4.3
  • Cisco Adaptive Security Appliance Software 7.0.5
  • Cisco Adaptive Security Appliance Software 7.0.6
  • Cisco Adaptive Security Appliance Software 7.0.7
  • Cisco Adaptive Security Appliance Software 7.0.8
  • Cisco Adaptive Security Appliance Software 7.0.8 Interim
  • Cisco Adaptive Security Appliance Software 7.1
  • Cisco Adaptive Security Appliance Software 7.1.1
  • Cisco Adaptive Security Appliance Software 7.1.2
  • Cisco Adaptive Security Appliance Software 7.2
  • Cisco Adaptive Security Appliance Software 7.2.1
  • Cisco Adaptive Security Appliance Software 7.2.2
  • Cisco Adaptive Security Appliance Software 7.2.3
  • Cisco Adaptive Security Appliance Software 7.2.4
  • Cisco Adaptive Security Appliance Software 7.2.5
  • Cisco Adaptive Security Appliance Software 8.0
  • Cisco Adaptive Security Appliance Software 8.0.2
  • Cisco Adaptive Security Appliance Software 8.0.3
  • Cisco Adaptive Security Appliance Software 8.0.4
  • Cisco Adaptive Security Appliance Software 8.0.5
  • Cisco Adaptive Security Appliance Software 8.2.1
  • Cisco Adaptive Security Appliance Software 8.2.2
  • Cisco Adaptive Security Appliance Software 8.2.2 Interim
  • Cisco Adaptive Security Appliance Software 8.2.3
  • Cisco Adaptive Security Appliance Software 8.3.1
  • Cisco Adaptive Security Appliance Software 8.3.1 Interim
  • Cisco Adaptive Security Appliance Software 8.3.2
  • Cisco Adaptive Security Appliance Software 8.1
  • Cisco Adaptive Security Appliance Software 8.5
  • Cisco Adaptive Security Appliance Software 8.4
  • Cisco Adaptive Security Appliance Software 8.2
  • Cisco Adaptive Security Appliance Software 8.7.1
  • Cisco Adaptive Security Appliance Software 8.7.1.1
  • Cisco Adaptive Security Appliance Software
  • Cisco Adaptive Security Appliance Software 9.1(1)
  • Cisco Adaptive Security Appliance Software 8.4(0.3)
  • Cisco Adaptive Security Appliance Software 9.0
  • Cisco Adaptive Security Appliance Software 8.7
  • Cisco Adaptive Security Appliance Software 9.1
  • Cisco Adaptive Security Appliance Software 8.6
  • Cisco Adaptive Security Appliance Software 9.4.3.2
  • Cisco Adaptive Security Appliance Software 9.4.3.1
  • Cisco Adaptive Security Appliance Software 9.4.4
  • Cisco Adaptive Security Appliance Software 9.4.4.13
  • Cisco Adaptive Security Appliance Software 9.5.2.7
  • Cisco Adaptive Security Appliance Software 9.5.2.8
  • Cisco Adaptive Security Appliance Software 9.5.3.7
  • Cisco Adaptive Security Appliance Software 9.5.3.9
  • Cisco Adaptive Security Appliance Software 9.6.2.9
  • Cisco Adaptive Security Appliance Software 9.6.2.21
  • Cisco Adaptive Security Appliance Software 9.6.3.17
  • Cisco Adaptive Security Appliance Software 9.6.3
  • Cisco Firepower Threat Defense (FTD) Software 6.2.0
  • Cisco Firepower Threat Defense (FTD) Software 6.2.1
  • Cisco Firepower Threat Defense (FTD) Software 6.2.2
  • Cisco Firepower Threat Defense (FTD) Software 6.2.3
  • Cisco Firepower Threat Defense (FTD) Software 6.5.0
  • Cisco Firepower Threat Defense (FTD) Software 6.3.0
  • Cisco Firepower Threat Defense (FTD) Software 6.4.0
  • Cisco Firepower Threat Defense (FTD) Software 7.0.1
  • Cisco Firepower Threat Defense Software 7.0.0
  • Cisco Firepower Management Center Software 6.6.0
  • Cisco Firepower Management Center Software 6.2.2
  • Cisco Firepower Management Center Software 6.2.3
  • Cisco Firepower Management Center Software 6.3.0
  • Cisco Firepower Management Center Software 6.4.0
  • Cisco Firepower Management Center Software 6.7.0
  • Cisco Firepower Management Center Software 6.5.0
  • Cisco Firepower Management Center Software 7.0.0
  • Cisco Firepower Management Center Software 7.1.0
  • Cisco Firepower Threat Defense Software
  • Cisco Firepower Management Center

Remediation

Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.

CVE-2022-20767

CVE-2022-20760

CVE-2022-20757

CVE-2022-20751

CVE-2022-20748

CVE-2022-20746

CVE-2022-20745

CVE-2022-20744

CVE-2022-20740

CVE-2022-20730

CVE-2022-20759

CVE-2022-20743

CVE-2022-20729

CVE-2022-20629

CVE-2022-20627

CVE-2022-20628

CVE-2022-20715

CVE-2022-20737

CVE-2022-20742
