← Back

CVE-2022-20854

nvd nist
Published: Nov 15, 2022Modified: Nov 26, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device.

Affected (50)

Cisco
2 products
Secure Firewall Management Center
Firepower Threat Defense
Configuration A
25 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Secure Firewall Management Center
From 6.1.0 to 6.1.0.7
Secure Firewall Management Center
From 6.2.0 to 6.2.0.6
Secure Firewall Management Center
From 6.2.2 to 6.2.2.5
Secure Firewall Management Center
From 6.2.3 to 6.2.3.18
Secure Firewall Management Center
From 6.3.0 to 6.3.0.5
Secure Firewall Management Center
From 6.4.0 to 6.4.0.15
Secure Firewall Management Center
From 6.5.0 to 6.5.0.5
Secure Firewall Management Center
From 6.7.0 to 6.7.0.3
Secure Firewall Management Center
Version 6.2.1
Secure Firewall Management Center
Version 6.6.0.1
Secure Firewall Management Center
Version 6.6.0
Secure Firewall Management Center
Version 6.6.1
Secure Firewall Management Center
Version 6.6.3
Secure Firewall Management Center
Version 6.6.4
Secure Firewall Management Center
Version 6.6.5.1
Secure Firewall Management Center
Version 6.6.5.2
Secure Firewall Management Center
Version 6.6.5
Secure Firewall Management Center
Version 7.0.0.1
Secure Firewall Management Center
Version 7.0.0
Secure Firewall Management Center
Version 7.0.1.1
Secure Firewall Management Center
Version 7.0.1
Secure Firewall Management Center
Version 7.0.2.1
Secure Firewall Management Center
Version 7.0.2
Secure Firewall Management Center
Version 7.0.3
Secure Firewall Management Center
Version 7.0.4
Configuration B
25 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Firepower Threat Defense
From 6.1.0 to 6.1.0.7
Firepower Threat Defense
From 6.2.0 to 6.2.0.6
Firepower Threat Defense
From 6.2.2 to 6.2.2.5
Firepower Threat Defense
From 6.2.3 to 6.2.3.18
Firepower Threat Defense
From 6.3.0 to 6.3.0.5
Firepower Threat Defense
From 6.4.0 to 6.4.0.15
Firepower Threat Defense
From 6.5.0 to 6.5.0.5
Firepower Threat Defense
From 6.7.0 to 6.7.0.3
Firepower Threat Defense
Version 6.2.1
Firepower Threat Defense
Version 6.6.0.1
Firepower Threat Defense
Version 6.6.0
Firepower Threat Defense
Version 6.6.1
Firepower Threat Defense
Version 6.6.3
Firepower Threat Defense
Version 6.6.4
Firepower Threat Defense
Version 6.6.5.1
Firepower Threat Defense
Version 6.6.5.2
Firepower Threat Defense
Version 6.6.5
Firepower Threat Defense
Version 7.0.0.1
Firepower Threat Defense
Version 7.0.0
Firepower Threat Defense
Version 7.0.1.1
Firepower Threat Defense
Version 7.0.1
Firepower Threat Defense
Version 7.0.2.1
Firepower Threat Defense
Version 7.0.2
Firepower Threat Defense
Version 7.0.3
Firepower Threat Defense
Version 7.0.4

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.

References (2)

Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.