Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-20950

CVSS 5.8 · Medium EPSS 0.47% · P65
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-20950

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
不加限制或调节的资源分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Firepower Threat Defense 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Firepower Threat Defense(FTD)是美国思科(Cisco)公司的一套提供下一代防火墙服务的统一软件。 Cisco Firepower Threat Defense(FTD)Software存在安全漏洞,该漏洞源于其SIP和Snort 3交互时对双向流时缺乏错误检查允许未经身份验证的远程攻击者导致Snort 3检测引擎重新启动。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco Firepower Threat Defense Software 7.2.0 -

II. Public POCs for CVE-2022-20950

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-20950

登录查看更多情报信息。

Same Patch Batch · Cisco · 2022-11-10 · 33 CVEs total

CVE-2022-209468.6 HIGHCisco Firepower Threat Defense 缓冲区错误漏洞
CVE-2022-209478.6 HIGHCisco Adaptive Security Appliance Software和Firepower Threat Defense(FTD)Software 缓冲区错误漏洞
CVE-2022-209277.7 HIGHCisco Firepower Threat Defense和Cisco Adaptive Security Appliances Software 缓冲区错误漏洞
CVE-2022-209247.7 HIGHCisco Firepower Threat Defense 输入验证错误漏洞
CVE-2022-209187.5 HIGHCisco Firepower Management Center 授权问题漏洞
CVE-2022-208547.5 HIGHCisco Firepower Management Center和Firepower Threat Defense 资源管理错误漏洞
CVE-2022-209496.5 MEDIUMCisco Firepower Threat Defense 安全漏洞
CVE-2022-208266.4 MEDIUMCisco Firepower Threat Defense 安全漏洞
CVE-2022-209256.3 MEDIUMCisco Firepower Management Center 操作系统命令注入漏洞
CVE-2022-209266.3 MEDIUMCisco Firepower Management Center 操作系统命令注入漏洞
CVE-2022-209346.0 MEDIUMCisco Firepower Threat Defense和Cisco FXOS Software 操作系统操作系统命令注入漏洞
CVE-2022-209285.8 MEDIUMCisco Adaptive Security Appliance(ASA)Software和Cisco Firepower Threat Defense(FTD)Software
CVE-2022-209225.8 MEDIUM多款Cisco产品安全漏洞
CVE-2022-209435.8 MEDIUM多款Cisco产品安全漏洞
CVE-2022-209405.3 MEDIUMCisco Firepower Threat Defense 安全漏洞
CVE-2022-209415.3 MEDIUMCisco Firepower Management Center 安全特征问题漏洞
CVE-2022-208314.8 MEDIUMCisco Firepower Management Center 跨站脚本漏洞
CVE-2022-208324.8 MEDIUMCisco Firepower Management Center 跨站脚本漏洞
CVE-2022-208334.8 MEDIUMCisco Firepower Management Center 跨站脚本漏洞
CVE-2022-208344.8 MEDIUMCisco Firepower Management Center 跨站脚本漏洞

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco Firepower Threat Defense Software
Same vendor: Cisco
Same weakness: CWE-770

V. Comments for CVE-2022-20950

No comments yet

Leave a comment