CVE-2022-20715
published 2022-05-03CVE-2022-20715: A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software…
high8.6CVSS 3.1
AVNACLPRNUINSCCNINAH
A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | adaptive_security_appliance | — | — |
| cisco | adaptive_security_appliance_software | < 9.8.4.44 | 9.8.4.44 |
| cisco | adaptive_security_appliance_software | >= 9.13 < 9.14.4 | 9.14.4 |
| cisco | adaptive_security_appliance_software | >= 9.15 < 9.15.1.21 | 9.15.1.21 |
| cisco | adaptive_security_appliance_software | >= 9.16.0 < 9.16.2.14 | 9.16.2.14 |
| cisco | adaptive_security_appliance_software | >= 9.17.0 < 9.17.1.7 | 9.17.1.7 |
| cisco | adaptive_security_appliance_software | >= 9.9 < 9.12.4.38 | 9.12.4.38 |
| cisco | cisco_adaptive_security_appliance_software | — | — |
| cisco | firepower_threat_defense | < 6.4.0.15 | 6.4.0.15 |
| cisco | firepower_threat_defense | — | — |
| cisco | firepower_threat_defense | >= 6.5.0 < 6.6.5.2 | 6.6.5.2 |
| cisco | firepower_threat_defense | >= 6.7.0 < 7.0.2 | 7.0.2 |