4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
According to its self-reported version, Cisco FTD Software is affected by an XML injection vulnerability.
An authenticated, local attacker can inject XML into the command parser, which could result in the unexpected processing of the command and unexpected output.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 141e9a5789b5777f27b0240ab47bc534b8fd1a1d8ea68cf86f247127061cf56784a1c84ec51273e8673f92bfaee67cc3e7e7bba08b01603ed8acaa280543efca4cdd9cc94da9391281e2f5750450212e2c8d8c1da426b087145a840fc9dc46d6aec7d7daeb1afc553a3a442ed2b64a53138f699e81a8c804d3998cffa170447ef8421c0c02264bdb857114fe43293aba86d418732323b8b66395399eda64c4850a4822b0ab51946df083cff1c4ebee2db7d9dfdb31e6ea450fa254ffd69d1f9c71f13411610f1646af24ed0c2bd1e8afe1c4d2b30d7479872785c9b4c1e509c7a4b6d4a7c64cfc2707bcd34beb4252f73528abc3d3a7a38a87f053c9dd156555dac1b009ab65e90569a840c7a443ea73d6169bf81c3b0ab55e7197d217d735de7100384f93fe78889217ca15e66e5731c8ecf6c4f7208d4bc99f416967191da476244d196014999b1a607df4f9d7b2785a9634637d63a2bb560a7dedba7daca3f3b686cea5b44343b36a4b8149225b243dc1910299e48abaa1ea0f84ae3671f4d6b6beb603e8a5418e97a09ca2ddb143312e7183bce9f107b7a72e6dd6e606d6a6807bd3daabe6257b77039058021bf8ee793a98bf8c3d58c6d4a66bc579a9ed26d04534063a4f014b171fbef96b105b05b00104c1737c490b375fa717ae72d8359de2d5c7985e0f6fe81ba432459b548942ddd5fbed72a36a801387422527d0
#TRUST-RSA-SHA256 7e96a84b11bab2defbd8097602f0524cdd6b1e3cb2fa64fa1c1b1e55d034511f5a106df9bfda305a0f38585029ceff641491723df135be23321ea189d4bcb1ee38bd2fdb168277c9e7f90d926d901938fe707ed30feabf2232ecccd9f966baceb72e0b95c88b2d509b49408cdfdb3eacf78581cf298c3fd364cdda2fbb6fdfa9618accad0642a3c338c0c55afc09e47938b2f70704debc6cee87ee733aefcdeaa357d0271808998e6c578d5e480d168b116d7ca8587dbdcbd533c5934b9f72713b7c3a711158e612761380f6f8aba5d62fbf03a1a81afee79e4a30854a61d2f574c4375fa4a7a290acb373c6c37524ffaaf9e5f0432a6bcbc5054b87761428c4076d50262d0a8fda18b1bd23826656dee2cfe7a66a4659dd51864855a7a4da8fdcb1d234c2ae8458c185323a464dc0c72494cb6ccae954dc6b69464980209cbfe13e6f5b768de1a55c3bc4fd3e93349c414551b43148c2058336502828a92d407aa4e60b2a50691d7c6adab0936e32a1562d129ecf230bbded42c58cb0cec8e32a36411dc1c417492b3e24183a446faba3d7d8a9c15ff7e1cb95e4ae8f5af114c13d2dd952c5de0a020bbad970fc86d9b83804dffaa79664ca448a01c6fd73d3d8e8251df3ca12be249b67123cb4bb92d7145dd45b1751aecefc20a90886a9469cbc5cfdad4c825b7af97c05aaa01396eea9dc22ec55bc3ce6693ad4f37012c3
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(160535);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/21");
script_cve_id("CVE-2022-20729");
script_xref(name:"CISCO-BUG-ID", value:"CSCvy41763");
script_xref(name:"CISCO-SA", value:"cisco-sa-ftd-xmlinj-8GWjGzKe");
script_xref(name:"IAVA", value:"2022-A-0184-S");
script_name(english:"Cisco Firepower Threat Defense Software XML Injection (cisco-sa-ftd-xmlinj-8GWjGzKe)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco FTD Software is affected by an XML injection vulnerability.
An authenticated, local attacker can inject XML into the command parser, which could result in the unexpected
processing of the command and unexpected output.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-xmlinj-8GWjGzKe
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1144d4ef");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy41763");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvy41763");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20729");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(91);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/27");
script_set_attribute(attribute:"patch_publication_date", value:"2022/04/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:firepower_threat_defense");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_enumerate_firepower.nbin");
script_require_keys("installed_sw/Cisco Firepower Threat Defense");
exit(0);
}
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco Firepower Threat Defense');
var vuln_ranges = [
{'min_ver': '0.0', 'fix_ver': '6.2.3'},
{'min_ver': '6.3.0', 'fix_ver': '6.4.0.15'},
{'min_ver': '6.5.0', 'fix_ver': '6.6.5.2'},
{'min_ver': '6.7.0', 'fix_ver': '7.0.2'}
];
var reporting = make_array(
'port' , 0,
'severity' , SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCvy41763',
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_ranges:vuln_ranges
);
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | firepower_threat_defense | cpe:/a:cisco:firepower_threat_defense |
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%