SB2022042815 - Multiple vulnerabilities in Cisco Firepower Threat Defense Software

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Handling of Unexpected Data Type (CVE-ID: CVE-2022-20730)

The vulnerability allows a remote attacker to bypass the Security Intelligence DNS feed. 

The vulnerability exists due to incorrect feed update processing. A remote attacker can bypass device controls and send traffic to devices that are expected to be protected by the affected device. 

2) XML injection (CVE-ID: CVE-2022-20729)

The vulnerability allows a local user to compromise the target system

The vulnerability exists due to improper input validation when processing XML data in CLI. A local user can pass specially crafted XML data to the application, resulting in unexpected processing of the command and unexpected command output.

Remediation

Install update from vendor's website.

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-sidns-bypass-3PzA5pO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-xmlinj-8GWjGzKe