Lucene search

CiscoCVELIST:CVE-2022-20746

HistoryMay 03, 2022 - 3:15 a.m.

CVE-2022-20746 Cisco Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability

2022-05-0303:15:17

CWE-476

cisco

www.cve.org

cve-2022-20746

cisco firepower threat defense

denial of service

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

49.5%

JSON

A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper handling of TCP flows. An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CNA Affected

[
  {
    "product": "Cisco Firepower Threat Defense Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tcp-dos-kM9SHhOu

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

49.5%

JSON

Related for CVELIST:CVE-2022-20746