Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-20854

CVSS 7.5 · High EPSS 0.79% · P74
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-20854

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Firepower Management Center和Firepower Threat Defense 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Firepower Management Center(FMC)和Cisco Firepower Threat Defense(FTD)都是美国思科(Cisco)公司的产品。Cisco Firepower Management Center是新一代防火墙管理中心软件。Cisco Firepower Threat Defense是一套提供下一代防火墙服务的统一软件。 Cisco Firepower Management Center(FMC) Software和Cisco Firepower T
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco Firepower Management Center N/A -
CiscoCisco Firepower Threat Defense Software N/A -

II. Public POCs for CVE-2022-20854

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-20854

登录查看更多情报信息。

Same Patch Batch · Cisco · 2022-11-10 · 33 CVEs total

CVE-2022-209468.6 HIGHCisco Firepower Threat Defense 缓冲区错误漏洞
CVE-2022-209478.6 HIGHCisco Adaptive Security Appliance Software和Firepower Threat Defense(FTD)Software 缓冲区错误漏洞
CVE-2022-209277.7 HIGHCisco Firepower Threat Defense和Cisco Adaptive Security Appliances Software 缓冲区错误漏洞
CVE-2022-209247.7 HIGHCisco Firepower Threat Defense 输入验证错误漏洞
CVE-2022-209187.5 HIGHCisco Firepower Management Center 授权问题漏洞
CVE-2022-209496.5 MEDIUMCisco Firepower Threat Defense 安全漏洞
CVE-2022-208266.4 MEDIUMCisco Firepower Threat Defense 安全漏洞
CVE-2022-209256.3 MEDIUMCisco Firepower Management Center 操作系统命令注入漏洞
CVE-2022-209266.3 MEDIUMCisco Firepower Management Center 操作系统命令注入漏洞
CVE-2022-209346.0 MEDIUMCisco Firepower Threat Defense和Cisco FXOS Software 操作系统操作系统命令注入漏洞
CVE-2022-209505.8 MEDIUMCisco Firepower Threat Defense 代码问题漏洞
CVE-2022-209285.8 MEDIUMCisco Adaptive Security Appliance(ASA)Software和Cisco Firepower Threat Defense(FTD)Software
CVE-2022-209225.8 MEDIUM多款Cisco产品安全漏洞
CVE-2022-209435.8 MEDIUM多款Cisco产品安全漏洞
CVE-2022-209405.3 MEDIUMCisco Firepower Threat Defense 安全漏洞
CVE-2022-209415.3 MEDIUMCisco Firepower Management Center 安全特征问题漏洞
CVE-2022-208314.8 MEDIUMCisco Firepower Management Center 跨站脚本漏洞
CVE-2022-208324.8 MEDIUMCisco Firepower Management Center 跨站脚本漏洞
CVE-2022-208334.8 MEDIUMCisco Firepower Management Center 跨站脚本漏洞
CVE-2022-208344.8 MEDIUMCisco Firepower Management Center 跨站脚本漏洞

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco Firepower Management Center
Same vendor: Cisco
Same weakness: CWE-400

V. Comments for CVE-2022-20854

No comments yet

Leave a comment