5.3
CVE-2022-20941
- EPSS 0.17%
- Published 15.11.2022 21:15:34
- Last modified 26.11.2024 16:09:02
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Secure Firewall Management Center Version6.1.0
Cisco ≫ Secure Firewall Management Center Version6.1.0.1
Cisco ≫ Secure Firewall Management Center Version6.1.0.2
Cisco ≫ Secure Firewall Management Center Version6.1.0.3
Cisco ≫ Secure Firewall Management Center Version6.1.0.4
Cisco ≫ Secure Firewall Management Center Version6.1.0.5
Cisco ≫ Secure Firewall Management Center Version6.1.0.6
Cisco ≫ Secure Firewall Management Center Version6.1.0.7
Cisco ≫ Secure Firewall Management Center Version6.2.0
Cisco ≫ Secure Firewall Management Center Version6.2.0.1
Cisco ≫ Secure Firewall Management Center Version6.2.0.2
Cisco ≫ Secure Firewall Management Center Version6.2.0.3
Cisco ≫ Secure Firewall Management Center Version6.2.0.4
Cisco ≫ Secure Firewall Management Center Version6.2.0.5
Cisco ≫ Secure Firewall Management Center Version6.2.0.6
Cisco ≫ Secure Firewall Management Center Version6.2.1
Cisco ≫ Secure Firewall Management Center Version6.2.2
Cisco ≫ Secure Firewall Management Center Version6.2.2.1
Cisco ≫ Secure Firewall Management Center Version6.2.2.2
Cisco ≫ Secure Firewall Management Center Version6.2.2.3
Cisco ≫ Secure Firewall Management Center Version6.2.2.4
Cisco ≫ Secure Firewall Management Center Version6.2.2.5
Cisco ≫ Secure Firewall Management Center Version6.2.3
Cisco ≫ Secure Firewall Management Center Version6.2.3.1
Cisco ≫ Secure Firewall Management Center Version6.2.3.2
Cisco ≫ Secure Firewall Management Center Version6.2.3.3
Cisco ≫ Secure Firewall Management Center Version6.2.3.4
Cisco ≫ Secure Firewall Management Center Version6.2.3.5
Cisco ≫ Secure Firewall Management Center Version6.2.3.6
Cisco ≫ Secure Firewall Management Center Version6.2.3.7
Cisco ≫ Secure Firewall Management Center Version6.2.3.8
Cisco ≫ Secure Firewall Management Center Version6.2.3.9
Cisco ≫ Secure Firewall Management Center Version6.2.3.10
Cisco ≫ Secure Firewall Management Center Version6.2.3.11
Cisco ≫ Secure Firewall Management Center Version6.2.3.12
Cisco ≫ Secure Firewall Management Center Version6.2.3.13
Cisco ≫ Secure Firewall Management Center Version6.2.3.14
Cisco ≫ Secure Firewall Management Center Version6.2.3.15
Cisco ≫ Secure Firewall Management Center Version6.2.3.16
Cisco ≫ Secure Firewall Management Center Version6.2.3.17
Cisco ≫ Secure Firewall Management Center Version6.2.3.18
Cisco ≫ Secure Firewall Management Center Version6.3.0
Cisco ≫ Secure Firewall Management Center Version6.3.0.1
Cisco ≫ Secure Firewall Management Center Version6.3.0.2
Cisco ≫ Secure Firewall Management Center Version6.3.0.3
Cisco ≫ Secure Firewall Management Center Version6.3.0.4
Cisco ≫ Secure Firewall Management Center Version6.3.0.5
Cisco ≫ Secure Firewall Management Center Version6.4.0
Cisco ≫ Secure Firewall Management Center Version6.4.0.1
Cisco ≫ Secure Firewall Management Center Version6.4.0.2
Cisco ≫ Secure Firewall Management Center Version6.4.0.3
Cisco ≫ Secure Firewall Management Center Version6.4.0.4
Cisco ≫ Secure Firewall Management Center Version6.4.0.5
Cisco ≫ Secure Firewall Management Center Version6.4.0.6
Cisco ≫ Secure Firewall Management Center Version6.4.0.7
Cisco ≫ Secure Firewall Management Center Version6.4.0.8
Cisco ≫ Secure Firewall Management Center Version6.4.0.9
Cisco ≫ Secure Firewall Management Center Version6.4.0.10
Cisco ≫ Secure Firewall Management Center Version6.4.0.11
Cisco ≫ Secure Firewall Management Center Version6.4.0.12
Cisco ≫ Secure Firewall Management Center Version6.4.0.13
Cisco ≫ Secure Firewall Management Center Version6.4.0.14
Cisco ≫ Secure Firewall Management Center Version6.4.0.15
Cisco ≫ Secure Firewall Management Center Version6.5.0
Cisco ≫ Secure Firewall Management Center Version6.5.0.1
Cisco ≫ Secure Firewall Management Center Version6.5.0.2
Cisco ≫ Secure Firewall Management Center Version6.5.0.3
Cisco ≫ Secure Firewall Management Center Version6.5.0.4
Cisco ≫ Secure Firewall Management Center Version6.5.0.5
Cisco ≫ Secure Firewall Management Center Version6.6.0
Cisco ≫ Secure Firewall Management Center Version6.6.0.1
Cisco ≫ Secure Firewall Management Center Version6.6.1
Cisco ≫ Secure Firewall Management Center Version6.6.3
Cisco ≫ Secure Firewall Management Center Version6.6.4
Cisco ≫ Secure Firewall Management Center Version6.6.5
Cisco ≫ Secure Firewall Management Center Version6.6.5.1
Cisco ≫ Secure Firewall Management Center Version6.6.5.2
Cisco ≫ Secure Firewall Management Center Version6.6.7
Cisco ≫ Secure Firewall Management Center Version6.7.0
Cisco ≫ Secure Firewall Management Center Version6.7.0.1
Cisco ≫ Secure Firewall Management Center Version6.7.0.2
Cisco ≫ Secure Firewall Management Center Version6.7.0.3
Cisco ≫ Secure Firewall Management Center Version7.0.0
Cisco ≫ Secure Firewall Management Center Version7.0.0.1
Cisco ≫ Secure Firewall Management Center Version7.0.1
Cisco ≫ Secure Firewall Management Center Version7.0.1.1
Cisco ≫ Secure Firewall Management Center Version7.0.2
Cisco ≫ Secure Firewall Management Center Version7.0.2.1
Cisco ≫ Secure Firewall Management Center Version7.0.3
Cisco ≫ Secure Firewall Management Center Version7.0.4
Cisco ≫ Secure Firewall Management Center Version7.1.0
Cisco ≫ Secure Firewall Management Center Version7.1.0.1
Cisco ≫ Secure Firewall Management Center Version7.1.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.39 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| psirt@cisco.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-331 Insufficient Entropy
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
CWE-334 Small Space of Random Values
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.