CVE-2022-20924Improper Check or Handling of Exceptional Conditions in Cisco Adaptive Security Appliance Software

CWE-703Improper Check or Handling of Exceptional ConditionsCWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
CNA7.7
EPSS
0.7%
top 27.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Adaptive Security Appliance SoftwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software+1 more
Timeline
PublishedNov 15
Latest updateNov 16

Description

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDcisco/firepower_threat_defense24 versions+23

🔴Vulnerability Details

2
GHSA
GHSA-c65r-538m-2h3f: A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threa2022-11-16
CVEList
CVE-2022-20924: A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threa2022-11-10

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability2022-11-09
CVE-2022-20924 — Cisco vulnerability | cvebase