CVSS3: 8.8 High

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: LOW
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low (Percentile: 55.7%)

The version of Cisco Firepower Management Center installed on the remote host is prior to the tested version. It is, therefore, affected by insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit these vulnerabilities by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

```nasl
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(167270);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/25");

  script_cve_id("CVE-2022-20925", "CVE-2022-20926");
  script_xref(name:"IAVA", value:"2022-A-0486");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwb23029");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwb23048");
  script_xref(name:"CISCO-SA", value:"cisco-sa-fmc-cmd-inj-Z3B5MY35");

  script_name(english:"Cisco Firepower Management Center Software Command Injection Vulnerabilities (cisco-sa-fmc-cmd-inj-Z3B5MY35)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Cisco Firepower Management Center installed on the remote host is prior to tested version. It is,
therefore, affected by insufficient validation of user-supplied parameters for certain API endpoints. An attacker
could exploit these vulnerabilities by sending crafted input to an affected API endpoint. A successful exploit
could allow an attacker to execute arbitrary commands on the device with low system privileges.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-Z3B5MY35
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3c6d8b22");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb23029");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb23048");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwb23029, CSCwb23048");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20926");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(77);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:firepower_management_center");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_firepower_version.nasl");
  script_require_keys("Host/Cisco/firepower_mc/version");

  exit(0);
}

include('vcf.inc');

app_info = vcf::get_app_info(
  app:'Cisco Firepower Management Center',
  kb_ver:'Host/Cisco/firepower_mc/version'
);

# Only vuln if device configured to use host input client feature.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

vcf::check_granularity(app_info:app_info, sig_segments:3);

constraints = [
  {'min_version':'7.0', 'fixed_version':'7.0.5'},
  {'min_version':'7.1', 'fixed_version':'7.1.0.3', 'fixed_display':'7.1.0.3 / 7.2.0'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);
```

Vendor | Product | Version | CPE |
---|---|---|---|
cisco | firepower_management_center | | cpe:/a:cisco:firepower_management_center |