Multiple vulnerabilities in Cisco Firepower Threat Defense Software



Published: 2022-04-28
Risk: Low
Patch available: Yes
Number of vulnerabilities: 2
CVE-ID: CVE-2022-20730, CVE-2022-20729
CWE-ID: CWE-241, CWE-91
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Cisco Firepower Threat Defense (FTD) (Hardware solutions / Security hardware appliances)
Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Handling of Unexpected Data Type

EUVDB-ID: #VU62684

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20730

CWE-ID: CWE-241 - Improper Handling of Unexpected Data Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the Security Intelligence DNS feed. 

The vulnerability exists due to incorrect feed update processing. A remote attacker can bypass device controls and send traffic to devices that are expected to be protected by the affected device. 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): 6.2.2 - 7.0.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-sidns-bypass-3PzA5pO


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) XML injection

EUVDB-ID: #VU62681

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20729

CWE-ID: CWE-91 - XML Injection

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to improper input validation when processing XML data in the CLI. A local user can pass specially crafted XML data to the application, resulting in unexpected processing of the command and unexpected command output.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): 6.2.2 - 7.0.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-xmlinj-8GWjGzKe


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


