fkie_cve-2022-20927
Vulnerability from fkie_nvd
Published
2022-11-15 21:15
Modified
2024-11-21 06:43
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA
Impacted products
Vendor Product Version
cisco adaptive_security_appliance_software 9.13.1
cisco adaptive_security_appliance_software 9.13.1.2
cisco adaptive_security_appliance_software 9.13.1.7
cisco adaptive_security_appliance_software 9.13.1.10
cisco adaptive_security_appliance_software 9.13.1.12
cisco adaptive_security_appliance_software 9.13.1.13
cisco adaptive_security_appliance_software 9.13.1.16
cisco adaptive_security_appliance_software 9.13.1.19
cisco adaptive_security_appliance_software 9.13.1.21
cisco adaptive_security_appliance_software 9.14.1
cisco adaptive_security_appliance_software 9.14.1.10
cisco adaptive_security_appliance_software 9.14.1.15
cisco adaptive_security_appliance_software 9.14.1.19
cisco adaptive_security_appliance_software 9.14.1.30
cisco adaptive_security_appliance_software 9.14.2
cisco adaptive_security_appliance_software 9.14.2.4
cisco adaptive_security_appliance_software 9.14.2.8
cisco adaptive_security_appliance_software 9.14.2.13
cisco adaptive_security_appliance_software 9.14.2.15
cisco adaptive_security_appliance_software 9.14.3
cisco adaptive_security_appliance_software 9.14.3.1
cisco adaptive_security_appliance_software 9.14.3.9
cisco adaptive_security_appliance_software 9.14.3.11
cisco adaptive_security_appliance_software 9.14.3.13
cisco adaptive_security_appliance_software 9.14.3.15
cisco adaptive_security_appliance_software 9.14.3.18
cisco adaptive_security_appliance_software 9.15.1
cisco adaptive_security_appliance_software 9.15.1.1
cisco adaptive_security_appliance_software 9.15.1.7
cisco adaptive_security_appliance_software 9.15.1.10
cisco adaptive_security_appliance_software 9.15.1.15
cisco adaptive_security_appliance_software 9.15.1.16
cisco adaptive_security_appliance_software 9.15.1.17
cisco adaptive_security_appliance_software 9.15.1.21
cisco firepower_threat_defense *
cisco firepower_threat_defense *
cisco firepower_threat_defense 6.6.0
cisco firepower_threat_defense 6.6.0.1
cisco firepower_threat_defense 6.6.1
cisco firepower_threat_defense 6.6.3
cisco firepower_threat_defense 6.6.4
cisco firepower_threat_defense 6.6.5
cisco firepower_threat_defense 6.6.5.1
cisco firepower_services_software_for_asa -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9AE545-A469-41C7-BD95-3CC80AF8067B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3255DB9E-85A5-48ED-90AA-6A7A55A0B1F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B6C9A0-B941-4C7C-BFE9-F1D837D5ADBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E783FD-5D4B-4C4F-BBFE-1186EFDFEF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "40145CFB-CEE8-4ABA-A9C2-BA262B7A9AEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C82327-5362-4876-8058-EB51030CD5DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C700CC9-E16F-4C05-915D-1CA39257ACCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ABDBB94-BA4F-4991-A703-0D7DDF999CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59B6947-1953-4C86-A76C-7A881CD3A502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D83C3A-ED0B-42D5-A08A-97D27E189875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4187EFE-4D7E-4493-A6E0-24C98256CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6730194F-5069-40AB-AE66-871D3992560C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E257F98-D1A0-4D28-9504-1749CC090D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FF1A5FC-73BE-4218-86D9-2E81FA64EABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E492943-6EC0-4E34-9DBC-DD1C2CF1CDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "589E46F3-8038-4B87-8C40-55C6268B82F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3B73F6-139E-42DC-B895-DDD17B5A1138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A2590E7-FE04-4B29-B36B-AABAA5F3B9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4FD5E3-7E82-4294-8B05-D2045D857029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E998A4A-5346-4CFA-A617-FD1106C6B7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91265549-A16E-4A00-A031-4F1EB8D6881C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3C316B-5485-4CDD-A1A1-6C0A9CB4719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE6D033-7B8B-4F61-B653-0C0EF13466EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "14441650-DAD5-4959-83DF-4D6F3D6A05FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B21ABC9-A64B-43E4-8951-1E6C0F427DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48EC041-322F-422D-B95B-0FC07BDA2B6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA0B9B73-A9E6-4924-9EAE-B57E534938FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "012812C4-EFF8-465F-A771-134BEB617CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06141A9-8C37-445A-B58A-45739AFE7D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDC09E5-51D3-4672-B910-B34A9CBD6128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ED7A71-81CB-444C-A4ED-EA4A58D5E73C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD13331-0EB8-4C8D-85CC-D96CA9F829AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7137F22B-F993-4620-9378-9412DAEA9EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "923A40E8-6456-4288-B9AB-DBF5F9C4246A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "171E1C5D-68C5-4BBC-AE18-D1518A1B7277",
              "versionEndIncluding": "6.5.0.5",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1110632C-526F-4025-A7BE-0CF9F37E5F9E",
              "versionEndIncluding": "6.7.0.3",
              "versionStartIncluding": "6.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AE4051-FA3B-4F0B-BD3D-083A14269FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firepower_services_software_for_asa:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C5EF69-498C-4433-8B86-91EB343C3F63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el cliente SSL/TLS del software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto autenticado cause una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una gesti\u00f3n inadecuada de la memoria cuando un dispositivo inicia conexiones SSL/TLS. Un atacante podr\u00eda aprovechar esta vulnerabilidad asegur\u00e1ndose de que el dispositivo se conecte a un servidor SSL/TLS que utilice par\u00e1metros de cifrado espec\u00edficos. Un exploit exitoso podr\u00eda permitir al atacante hacer que el dispositivo afectado entre en bucle de carga inesperadamente, lo que resultar\u00eda en una condici\u00f3n DoS."
    }
  ],
  "id": "CVE-2022-20927",
  "lastModified": "2024-11-21T06:43:50.390",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-15T21:15:32.607",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.