FKIE_CVE-2022-20927

Vulnerability from fkie_nvd - Published: 2022-11-15 21:15 - Updated: 2024-11-21 06:43
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA
Impacted products
Vendor Product Version
cisco adaptive_security_appliance_software 9.13.1
cisco adaptive_security_appliance_software 9.13.1.2
cisco adaptive_security_appliance_software 9.13.1.7
cisco adaptive_security_appliance_software 9.13.1.10
cisco adaptive_security_appliance_software 9.13.1.12
cisco adaptive_security_appliance_software 9.13.1.13
cisco adaptive_security_appliance_software 9.13.1.16
cisco adaptive_security_appliance_software 9.13.1.19
cisco adaptive_security_appliance_software 9.13.1.21
cisco adaptive_security_appliance_software 9.14.1
cisco adaptive_security_appliance_software 9.14.1.10
cisco adaptive_security_appliance_software 9.14.1.15
cisco adaptive_security_appliance_software 9.14.1.19
cisco adaptive_security_appliance_software 9.14.1.30
cisco adaptive_security_appliance_software 9.14.2
cisco adaptive_security_appliance_software 9.14.2.4
cisco adaptive_security_appliance_software 9.14.2.8
cisco adaptive_security_appliance_software 9.14.2.13
cisco adaptive_security_appliance_software 9.14.2.15
cisco adaptive_security_appliance_software 9.14.3
cisco adaptive_security_appliance_software 9.14.3.1
cisco adaptive_security_appliance_software 9.14.3.9
cisco adaptive_security_appliance_software 9.14.3.11
cisco adaptive_security_appliance_software 9.14.3.13
cisco adaptive_security_appliance_software 9.14.3.15
cisco adaptive_security_appliance_software 9.14.3.18
cisco adaptive_security_appliance_software 9.15.1
cisco adaptive_security_appliance_software 9.15.1.1
cisco adaptive_security_appliance_software 9.15.1.7
cisco adaptive_security_appliance_software 9.15.1.10
cisco adaptive_security_appliance_software 9.15.1.15
cisco adaptive_security_appliance_software 9.15.1.16
cisco adaptive_security_appliance_software 9.15.1.17
cisco adaptive_security_appliance_software 9.15.1.21
cisco firepower_threat_defense *
cisco firepower_threat_defense *
cisco firepower_threat_defense 6.6.0
cisco firepower_threat_defense 6.6.0.1
cisco firepower_threat_defense 6.6.1
cisco firepower_threat_defense 6.6.3
cisco firepower_threat_defense 6.6.4
cisco firepower_threat_defense 6.6.5
cisco firepower_threat_defense 6.6.5.1
cisco firepower_services_software_for_asa -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9AE545-A469-41C7-BD95-3CC80AF8067B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3255DB9E-85A5-48ED-90AA-6A7A55A0B1F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B6C9A0-B941-4C7C-BFE9-F1D837D5ADBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E783FD-5D4B-4C4F-BBFE-1186EFDFEF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "40145CFB-CEE8-4ABA-A9C2-BA262B7A9AEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C82327-5362-4876-8058-EB51030CD5DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C700CC9-E16F-4C05-915D-1CA39257ACCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ABDBB94-BA4F-4991-A703-0D7DDF999CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59B6947-1953-4C86-A76C-7A881CD3A502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D83C3A-ED0B-42D5-A08A-97D27E189875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4187EFE-4D7E-4493-A6E0-24C98256CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6730194F-5069-40AB-AE66-871D3992560C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E257F98-D1A0-4D28-9504-1749CC090D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FF1A5FC-73BE-4218-86D9-2E81FA64EABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E492943-6EC0-4E34-9DBC-DD1C2CF1CDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "589E46F3-8038-4B87-8C40-55C6268B82F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3B73F6-139E-42DC-B895-DDD17B5A1138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A2590E7-FE04-4B29-B36B-AABAA5F3B9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4FD5E3-7E82-4294-8B05-D2045D857029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E998A4A-5346-4CFA-A617-FD1106C6B7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91265549-A16E-4A00-A031-4F1EB8D6881C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3C316B-5485-4CDD-A1A1-6C0A9CB4719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE6D033-7B8B-4F61-B653-0C0EF13466EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "14441650-DAD5-4959-83DF-4D6F3D6A05FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B21ABC9-A64B-43E4-8951-1E6C0F427DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48EC041-322F-422D-B95B-0FC07BDA2B6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA0B9B73-A9E6-4924-9EAE-B57E534938FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "012812C4-EFF8-465F-A771-134BEB617CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06141A9-8C37-445A-B58A-45739AFE7D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDC09E5-51D3-4672-B910-B34A9CBD6128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ED7A71-81CB-444C-A4ED-EA4A58D5E73C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD13331-0EB8-4C8D-85CC-D96CA9F829AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7137F22B-F993-4620-9378-9412DAEA9EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "923A40E8-6456-4288-B9AB-DBF5F9C4246A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "171E1C5D-68C5-4BBC-AE18-D1518A1B7277",
              "versionEndIncluding": "6.5.0.5",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1110632C-526F-4025-A7BE-0CF9F37E5F9E",
              "versionEndIncluding": "6.7.0.3",
              "versionStartIncluding": "6.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AE4051-FA3B-4F0B-BD3D-083A14269FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firepower_services_software_for_asa:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C5EF69-498C-4433-8B86-91EB343C3F63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el cliente SSL/TLS del software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto autenticado cause una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una gesti\u00f3n inadecuada de la memoria cuando un dispositivo inicia conexiones SSL/TLS. Un atacante podr\u00eda aprovechar esta vulnerabilidad asegur\u00e1ndose de que el dispositivo se conecte a un servidor SSL/TLS que utilice par\u00e1metros de cifrado espec\u00edficos. Un exploit exitoso podr\u00eda permitir al atacante hacer que el dispositivo afectado entre en bucle de carga inesperadamente, lo que resultar\u00eda en una condici\u00f3n DoS."
    }
  ],
  "id": "CVE-2022-20927",
  "lastModified": "2024-11-21T06:43:50.390",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-15T21:15:32.607",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.