Lucene search

K
cve[email protected]CVE-2022-20927
HistoryNov 15, 2022 - 9:15 p.m.

CVE-2022-20927

2022-11-1521:15:32
CWE-120
web.nvd.nist.gov
69
5
cisco
asa
ftd
ssl
tls
vulnerability
cve-2022-20927
dos

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

45.4%

A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.

Affected configurations

NVD
Node
ciscoadaptive_security_appliance_softwareMatch9.13.1
OR
ciscoadaptive_security_appliance_softwareMatch9.13.1.2
OR
ciscoadaptive_security_appliance_softwareMatch9.13.1.7
OR
ciscoadaptive_security_appliance_softwareMatch9.13.1.10
OR
ciscoadaptive_security_appliance_softwareMatch9.13.1.12
OR
ciscoadaptive_security_appliance_softwareMatch9.13.1.13
OR
ciscoadaptive_security_appliance_softwareMatch9.13.1.16
OR
ciscoadaptive_security_appliance_softwareMatch9.13.1.19
OR
ciscoadaptive_security_appliance_softwareMatch9.13.1.21
OR
ciscoadaptive_security_appliance_softwareMatch9.14.1
OR
ciscoadaptive_security_appliance_softwareMatch9.14.1.10
OR
ciscoadaptive_security_appliance_softwareMatch9.14.1.15
OR
ciscoadaptive_security_appliance_softwareMatch9.14.1.19
OR
ciscoadaptive_security_appliance_softwareMatch9.14.1.30
OR
ciscoadaptive_security_appliance_softwareMatch9.14.2
OR
ciscoadaptive_security_appliance_softwareMatch9.14.2.4
OR
ciscoadaptive_security_appliance_softwareMatch9.14.2.8
OR
ciscoadaptive_security_appliance_softwareMatch9.14.2.13
OR
ciscoadaptive_security_appliance_softwareMatch9.14.2.15
OR
ciscoadaptive_security_appliance_softwareMatch9.14.3
OR
ciscoadaptive_security_appliance_softwareMatch9.14.3.1
OR
ciscoadaptive_security_appliance_softwareMatch9.14.3.9
OR
ciscoadaptive_security_appliance_softwareMatch9.14.3.11
OR
ciscoadaptive_security_appliance_softwareMatch9.14.3.13
OR
ciscoadaptive_security_appliance_softwareMatch9.14.3.15
OR
ciscoadaptive_security_appliance_softwareMatch9.14.3.18
OR
ciscoadaptive_security_appliance_softwareMatch9.15.1
OR
ciscoadaptive_security_appliance_softwareMatch9.15.1.1
OR
ciscoadaptive_security_appliance_softwareMatch9.15.1.7
OR
ciscoadaptive_security_appliance_softwareMatch9.15.1.10
OR
ciscoadaptive_security_appliance_softwareMatch9.15.1.15
OR
ciscoadaptive_security_appliance_softwareMatch9.15.1.16
OR
ciscoadaptive_security_appliance_softwareMatch9.15.1.17
OR
ciscoadaptive_security_appliance_softwareMatch9.15.1.21
Node
ciscofirepower_threat_defenseRange6.5.0โ€“6.5.0.5
OR
ciscofirepower_threat_defenseRange6.7.0โ€“6.7.0.3
OR
ciscofirepower_threat_defenseMatch6.6.0
OR
ciscofirepower_threat_defenseMatch6.6.0.1
OR
ciscofirepower_threat_defenseMatch6.6.1
OR
ciscofirepower_threat_defenseMatch6.6.3
OR
ciscofirepower_threat_defenseMatch6.6.4
OR
ciscofirepower_threat_defenseMatch6.6.5
OR
ciscofirepower_threat_defenseMatch6.6.5.1
Node
ciscofirepower_services_software_for_asaMatch-

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Adaptive Security Appliance (ASA) Software",
    "versions": [
      {
        "version": "9.14.1",
        "status": "affected"
      },
      {
        "version": "9.14.1.10",
        "status": "affected"
      },
      {
        "version": "9.14.1.15",
        "status": "affected"
      },
      {
        "version": "9.14.1.19",
        "status": "affected"
      },
      {
        "version": "9.14.1.30",
        "status": "affected"
      },
      {
        "version": "9.14.2",
        "status": "affected"
      },
      {
        "version": "9.14.2.4",
        "status": "affected"
      },
      {
        "version": "9.14.2.8",
        "status": "affected"
      },
      {
        "version": "9.14.2.13",
        "status": "affected"
      },
      {
        "version": "9.14.2.15",
        "status": "affected"
      },
      {
        "version": "9.14.3",
        "status": "affected"
      },
      {
        "version": "9.14.3.1",
        "status": "affected"
      },
      {
        "version": "9.14.3.9",
        "status": "affected"
      },
      {
        "version": "9.14.3.11",
        "status": "affected"
      },
      {
        "version": "9.14.3.13",
        "status": "affected"
      },
      {
        "version": "9.14.3.18",
        "status": "affected"
      },
      {
        "version": "9.14.3.15",
        "status": "affected"
      },
      {
        "version": "9.15.1",
        "status": "affected"
      },
      {
        "version": "9.15.1.7",
        "status": "affected"
      },
      {
        "version": "9.15.1.10",
        "status": "affected"
      },
      {
        "version": "9.15.1.15",
        "status": "affected"
      },
      {
        "version": "9.15.1.16",
        "status": "affected"
      },
      {
        "version": "9.15.1.17",
        "status": "affected"
      },
      {
        "version": "9.15.1.1",
        "status": "affected"
      },
      {
        "version": "9.15.1.21",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Firepower Threat Defense Software",
    "versions": [
      {
        "version": "6.6.0",
        "status": "affected"
      },
      {
        "version": "6.6.0.1",
        "status": "affected"
      },
      {
        "version": "6.6.1",
        "status": "affected"
      },
      {
        "version": "6.6.3",
        "status": "affected"
      },
      {
        "version": "6.6.4",
        "status": "affected"
      },
      {
        "version": "6.6.5",
        "status": "affected"
      },
      {
        "version": "6.6.5.1",
        "status": "affected"
      },
      {
        "version": "6.6.5.2",
        "status": "affected"
      },
      {
        "version": "6.7.0",
        "status": "affected"
      },
      {
        "version": "6.7.0.1",
        "status": "affected"
      },
      {
        "version": "6.7.0.2",
        "status": "affected"
      },
      {
        "version": "6.7.0.3",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco FirePOWER Services Software for ASA",
    "versions": [
      {
        "version": "N/A",
        "status": "affected"
      }
    ]
  }
]

Social References

More

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

45.4%

Related for CVE-2022-20927