Rewterz Threat Advisory – Multiple Cisco Vulnerabilities

April 29, 2022

Severity

Medium

Analysis Summary

CVE-2022-20767, CVSS 8.6

Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by improper handling of the DNS reputation enforcement rule in the Snort rule evaluation function. By sending specially-crafted UDP packets, a remote attacker could exploit this vulnerability to cause traffic that is going through the affected device to be dropped

CVE-2022-20760, CVSS 8.6

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software are vulnerable to a denial of service, caused by improper processing of incoming requests in the DNS inspection handler. By sending specially crafted DNS requests at a high rate to an affected device, a remote attacker could exploit this vulnerability to cause the device to stop responding.

CVE-2022-20757, CVSS 8.6

Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by improper traffic handling when platform limits are reached. By sending a high rate of UDP traffic through an affected device, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-20751, CVSS 8.6

Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by insufficient memory management for certain Snort events. By sending a series of specially crafted IP packets that would generate specific Snort events on an affected device, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-20748, CVSS 5.3

Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by insufficient error handling in the local malware analysis process of an affected device. By sending a specially crafted file through the device, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-20746, CVSS 8.6

Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by the improper handling of TCP flows by the TCP Proxy functionality. By sending a specially crafted stream of TCP traffic, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-20745, CVSS 8.6

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software are vulnerable to a denial of service, caused by improper input validation in the web services interface when parsing HTTPS requests. By sending a specially-crafted HTTPS request, a remote attacker could exploit this vulnerability to cause the device to reload.

CVE-2022-20744, CVSS 4.3

Cisco Firepower Management Center Software could allow a remote authenticated attacker to obtain sensitive information, caused by a protection mechanism that relies on the existence of values of a specific input in the input protection. By modifying the input and sending a specially crafted request, an attacker could exploit this vulnerability to view data without proper authorization.

CVE-2022-20740, CVSS 6.1

Cisco Firepower Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-20730, CVSS 4

Cisco Firepower Threat Defense Software could allow a remote attacker to bypass security restrictions, caused by an improper feed update processing. By sending a specially-crafted traffic, an attacker could exploit this vulnerability to bypass device controls and successfully send traffic to devices that are expected to be protected.

CVE-2022-20759, CVSS 8.8

could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper separation of authentication and authorization scopes. By sending a specially-crafted HTTPS messages to the web services interface, an authenticated attacker could exploit this vulnerability to gain privilege level 15 access to the web management interface.

CVE-2022-20743, CVSS 6.5

Cisco Firepower Management Center could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.

CVE-2022-20729, CVSS 4.4

Cisco Firepower Threat Defense Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by an XML injection flaw in the the command parser. By including specially-crafted input in commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2022-20627, CVSS 5.4

Cisco Firepower Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-20628, CVSS 5.4

Cisco Firepower Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-20629, CVSS 5.4

Cisco Firepower Management Center Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-20715, CVSS 8.6

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software is vulnerable to a denial of service, caused by improper validation of errors in remote access SSL VPN features. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the device to restart.

CVE-2022-20737, CVSS 8.5

Cisco Adaptive Security Appliance Software is vulnerable to a denial of service, caused by insufficient bounds checking when parsing specific HTTP authentication messages. By sending malicious traffic to an affected device acting as a VPN Gateway, a remote authenticated attacker could exploit this vulnerability to cause the device to reload or retrieve bytes from the device process memory.

CVE-2022-20742, CVSS 7.4

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software could allow a remote attacker to obtain sensitive information, caused by improper implementation of Galois/Counter Mode (GCM) ciphers. By intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption, a remote attacker could exploit this vulnerability to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel.