Main Vulnerability Database SB2022111117

SB2022111117 - Improper access control in Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software

Published: November 11, 2022

Security Bulletin ID SB2022111117

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2022-20918)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the presence of a default credential for Simple Network Management Protocol (SNMP) version 1 version 2. A remote attacker can send a specially crafted SNMPv1 or SNMPv2 GET request and retrieve sensitive information from the target device.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcsfr-snmp-access-6gqgtJ4S