Multiple vulnerabilities in Cisco Firepower Threat Defense Software



Published: 2022-04-28
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2022-20730
CVE-2022-20729
CWE-ID CWE-241
CWE-91
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware applicances

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Handling of Unexpected Data Type

EUVDB-ID: #VU62684

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20730

CWE-ID: CWE-241 - Improper Handling of Unexpected Data Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the Security Intelligence DNS feed. 

The vulnerability exists due to incorrect feed update processing. A remote attacker can bypass device controls and send traffic to devices that are expected to be protected by the affected device. 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): 6.2.2, 6.3.0, 6.4.0, 6.5.0, 6.6.0, 6.7.0, 7.0.0


CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-sidns-bypass-3PzA5pO

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) XML injection

EUVDB-ID: #VU62681

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20729

CWE-ID: CWE-91 - XML Injection

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system

The vulnerability exists due to improper input validation when processing XML data in CLI. A local user can pass specially crafted XML data to the application, resulting in unexpected processing of the command and unexpected command output.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): 6.2.2, 6.3.0, 6.4.0, 6.5.0, 6.6.0, 6.7.0, 7.0.0


CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-xmlinj-8GWjGzKe

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###