gsd-2022-20938
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2022-20938",
    "description": "A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed.",
    "id": "GSD-2022-20938"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-20938"
      ],
      "details": "A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed.",
      "id": "GSD-2022-20938",
      "modified": "2023-12-13T01:19:16.170240Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2022-20938",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Firepower Management Center",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.6"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.7"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.9"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.10"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.11"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.12"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.13"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.14"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.15"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.8"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.16"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.17"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.2.3.18"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.6"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.7"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.8"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.9"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.10"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.11"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.12"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.13"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.14"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.4.0.15"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.6.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.6.0.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.6.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.6.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.6.4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.6.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.6.5.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.6.5.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.7.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.7.0.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.7.0.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.7.0.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.0.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.1.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.2.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.1.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.1.0.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.1.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information.\r\n\r This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed."
          }
        ]
      },
      "exploit": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-611",
                "lang": "eng",
                "value": "Improper Restriction of XML External Entity Reference"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd",
            "refsource": "MISC",
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-fmc-xxe-MzPC4bYd",
        "defects": [
          "CSCwb53694"
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2AC1B12A-A2EC-4C24-AEBC-944AE2939458",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A74489D5-5B4F-48A2-9384-3AF5A599B6D5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8AB6251C-F898-431C-B693-DF075B8808B6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FAB30570-97B9-4CE1-8175-CF234B9CEECE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "278DCC34-378E-4E55-9B26-C50282908676",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "43589A9B-96AE-48F7-A630-6FC29034D223",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "32EC0D9B-1249-4768-8CC2-A4DAE61B37CB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2391B499-3FF7-4E5D-870F-946154AB2548",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9641FE9B-BC9F-472F-B53B-F4287EE2F17A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4EE23BDD-AFC1-41F6-AD26-CE89636A7DCB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D78A8A76-4FEA-4376-B619-6A017BEAB905",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4F1DE13A-5966-4F75-B190-1ADAEE98FC50",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8B9976A7-1D53-4B69-9DA6-AD9733A474A6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BD5D29D6-90C7-4E90-979F-34CFC21875A8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EB32F943-C8EC-4B10-89E1-B72245CC8E85",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1895BC03-A0B4-4AE8-8EB5-DAFC913E4B2B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "99479490-9BB9-40BD-B4FB-A23D81E48631",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "60C9F471-F335-43EE-8FCB-52CADC777A55",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D7F48599-FAD1-4BEC-9EB1-AA5717FB09EC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CFBA1BCF-4595-4CCA-9222-CC24302207E7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5F347DF9-11AC-4821-8569-FDF02028F0C0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EB9381BB-77B5-4460-A46D-B905B0CFA06E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DB01FA17-68F7-47E6-9D94-AC3C290F62AE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "08F0F58D-C859-400F-88D4-38C84584BACF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "73D28E1C-B26F-4BD8-8F21-2AFA1E1B881D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4DF3D576-7922-4FB4-9C8B-2E31E29A4FEF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DE852669-316E-4710-A964-91B17CBA75FF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D64651BA-33A1-4DD9-B23C-577543D45534",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E44687A2-D460-4CD7-91E1-4535B4A71698",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4C312686-8739-4B48-9476-3D65200B3216",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "059D7FFF-94B6-400A-A939-498BDBB18FED",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.9:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B4204464-BF24-4596-8AE2-4D98EC817234",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DF0B67CC-FFEA-4A22-A79F-6DB1C826CECE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.11:*:*:*:*:*:*:*",
                    "matchCriteriaId": "13744A3B-7F48-49B1-8263-012456E27ACD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.12:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0E0CC829-ED28-435B-9826-6CDB4BB2F0EF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.13:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1732AC85-09E3-43E2-B624-87E537EB6F03",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.14:*:*:*:*:*:*:*",
                    "matchCriteriaId": "85986C19-4819-4F02-9873-A42D4277D3A8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.15:*:*:*:*:*:*:*",
                    "matchCriteriaId": "11BEDD8B-DB02-4E8D-B2BF-2B7BE190AF6D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.16:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B0E13E7F-BDA9-49DF-BA43-CB812BC0D384",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.17:*:*:*:*:*:*:*",
                    "matchCriteriaId": "47FDAAB6-EC1B-4759-8B8A-55748C39AFFC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.18:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E3C97C0B-509E-4AE2-9EDB-BDC0436E05A1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "134CD651-CA72-47A0-8B48-A9C332C02013",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6A28FE66-9A15-4C1B-B946-D4F26A60DEAE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8C94C13E-DF81-4F7B-87FF-469090FD2133",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "15B0848B-3F39-4303-9B2F-6D25CD15FBF2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2F337BD6-8532-4A3B-A495-EDAEB15926FE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "97736B65-429A-4B5C-A340-A1BBE2B91E9B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DA61E6F5-FFFD-4D4E-9AA3-94F827A79F4C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "80EC515D-6051-472A-92F4-ED4385FEDEC7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F7E83830-B9CA-425D-BFD3-7F8FD1114950",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "91F862F9-40FE-42E9-86B2-BD9350B118D4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "857A0C11-1456-4F1A-A812-E93B829F13DF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "93828989-2731-4DCE-9FBB-5ABB5A660A9D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "83B99522-B80A-4998-971B-F3C45EB104F0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F286FD7B-E588-4DCC-B41F-AD9E4A49B8ED",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3908BF04-0869-4F4D-9BC4-411F56AC8092",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.9:*:*:*:*:*:*:*",
                    "matchCriteriaId": "227799AC-75DF-4B3F-A7EF-063D8D8C2EC1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FB72A64E-7B19-4A96-809C-287E391DFA44",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.11:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4630DEB7-BEE7-4247-9536-C35887A807C3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.12:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2E7BC07A-1C33-46FB-9ABF-C98A46BE6AD3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.13:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0F3B8077-2DD6-491F-9F0E-D977E7A4AB08",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.14:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CEAD4CD3-FBF1-43BC-A14F-6375E4B784AE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.15:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5662EBCF-13F5-4CE6-8E3D-B23B73AF4633",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4A995913-A8DB-4536-93BF-AAF82F0FCDB7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0978063C-A157-4C32-AF5C-AC3731467EDE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "24F13364-A0C1-464B-998B-2B0B40A7A64B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1B0FE8B9-125A-4F7A-A205-3B38747BAE22",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3294BE65-8A2A-4243-847E-7AC1EB6035DD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BFE14143-8DE7-4EEA-93F6-C05CFAB36895",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "853866E2-1BCC-4A81-907A-ABA8648D8C57",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9B0B5925-0336-4F56-9D9A-777687DF3B22",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F406CDA3-08B9-4C13-B6F5-C83978239623",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "108BFA85-BB6B-420A-911D-B2731CB05289",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0FEE4092-0EAD-48DA-92EB-82DD4EB43E49",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7B8DF2E2-848A-4616-AEF0-1EFE68A900C1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "387E34BD-913B-4CB7-9230-81B283E92A9B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FFE8B3DC-9865-4845-B989-FB41D6FE085E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BC98B2C9-2F78-4DB5-97D7-78D584CEBE87",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "44CEED06-6E18-4961-BD69-8BF3E7A6D59C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D815D562-D60A-4AD1-9243-8167B244882E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FA91AC4A-77D5-4C41-BD63-4E8F3BA4FF84",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "21D28D33-2B3C-4695-9137-7C4AC6BA2D7D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3DCA8FE8-D0BC-4B6C-8E15-0DC5D0EF515F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "62213974-B025-4A76-87CD-025C84389A2B",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information.\r\n\r This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed."
          },
          {
            "lang": "es",
            "value": "Una vulnerabilidad en la funci\u00f3n de importaci\u00f3n de m\u00f3dulos de la interfaz administrativa del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado vea informaci\u00f3n confidencial. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la sintaxis XML al importar un m\u00f3dulo. Un atacante podr\u00eda aprovechar esta vulnerabilidad proporcionando un archivo XML especialmente manipulado para la funci\u00f3n. Un exploit exitoso podr\u00eda permitir al atacante leer datos confidenciales que normalmente no ser\u00edan revelados."
          }
        ],
        "id": "CVE-2022-20938",
        "lastModified": "2024-01-25T17:15:20.443",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 1.4,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 1.4,
              "source": "ykramarz@cisco.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2022-11-15T21:15:34.430",
        "references": [
          {
            "source": "ykramarz@cisco.com",
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd"
          }
        ],
        "sourceIdentifier": "ykramarz@cisco.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-611"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-611"
              }
            ],
            "source": "ykramarz@cisco.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.