CVE-2022-20854

EPSS 0.15%
Published 15.11.2022 21:15:27
Last modified 26.11.2024 16:09:02
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

 This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Secure Firewall Management Center Version >= 6.1.0 <= 6.1.0.7

Cisco ≫ Secure Firewall Management Center Version >= 6.2.0 <= 6.2.0.6

Cisco ≫ Secure Firewall Management Center Version >= 6.2.2 <= 6.2.2.5

Cisco ≫ Secure Firewall Management Center Version >= 6.2.3 <= 6.2.3.18

Cisco ≫ Secure Firewall Management Center Version >= 6.3.0 <= 6.3.0.5

Cisco ≫ Secure Firewall Management Center Version >= 6.4.0 <= 6.4.0.15

Cisco ≫ Secure Firewall Management Center Version >= 6.5.0 <= 6.5.0.5

Cisco ≫ Secure Firewall Management Center Version >= 6.7.0 <= 6.7.0.3

Cisco ≫ Secure Firewall Management Center Version6.2.1

Cisco ≫ Secure Firewall Management Center Version6.6.0

Cisco ≫ Secure Firewall Management Center Version6.6.0.1

Cisco ≫ Secure Firewall Management Center Version6.6.1

Cisco ≫ Secure Firewall Management Center Version6.6.3

Cisco ≫ Secure Firewall Management Center Version6.6.4

Cisco ≫ Secure Firewall Management Center Version6.6.5

Cisco ≫ Secure Firewall Management Center Version6.6.5.1

Cisco ≫ Secure Firewall Management Center Version6.6.5.2

Cisco ≫ Secure Firewall Management Center Version7.0.0

Cisco ≫ Secure Firewall Management Center Version7.0.0.1

Cisco ≫ Secure Firewall Management Center Version7.0.1

Cisco ≫ Secure Firewall Management Center Version7.0.1.1

Cisco ≫ Secure Firewall Management Center Version7.0.2

Cisco ≫ Secure Firewall Management Center Version7.0.2.1

Cisco ≫ Secure Firewall Management Center Version7.0.3

Cisco ≫ Secure Firewall Management Center Version7.0.4

Cisco ≫ Firepower Threat Defense Version >= 6.1.0 <= 6.1.0.7

Cisco ≫ Firepower Threat Defense Version >= 6.2.0 <= 6.2.0.6

Cisco ≫ Firepower Threat Defense Version >= 6.2.2 <= 6.2.2.5

Cisco ≫ Firepower Threat Defense Version >= 6.2.3 <= 6.2.3.18

Cisco ≫ Firepower Threat Defense Version >= 6.3.0 <= 6.3.0.5

Cisco ≫ Firepower Threat Defense Version >= 6.4.0 <= 6.4.0.15

Cisco ≫ Firepower Threat Defense Version >= 6.5.0 <= 6.5.0.5

Cisco ≫ Firepower Threat Defense Version >= 6.7.0 <= 6.7.0.3

Cisco ≫ Firepower Threat Defense Version6.2.1

Cisco ≫ Firepower Threat Defense Version6.6.0

Cisco ≫ Firepower Threat Defense Version6.6.0.1

Cisco ≫ Firepower Threat Defense Version6.6.1

Cisco ≫ Firepower Threat Defense Version6.6.3

Cisco ≫ Firepower Threat Defense Version6.6.4

Cisco ≫ Firepower Threat Defense Version6.6.5

Cisco ≫ Firepower Threat Defense Version6.6.5.1

Cisco ≫ Firepower Threat Defense Version6.6.5.2

Cisco ≫ Firepower Threat Defense Version7.0.0

Cisco ≫ Firepower Threat Defense Version7.0.0.1

Cisco ≫ Firepower Threat Defense Version7.0.1

Cisco ≫ Firepower Threat Defense Version7.0.1.1

Cisco ≫ Firepower Threat Defense Version7.0.2

Cisco ≫ Firepower Threat Defense Version7.0.2.1

Cisco ≫ Firepower Threat Defense Version7.0.3

Cisco ≫ Firepower Threat Defense Version7.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.364

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
psirt@cisco.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dos-OwEunWJN

https://nvd.nist.gov/vuln/detail/CVE-2022-20854

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-20854

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-20854

EUVD