Main Vulnerability Database Vulnerabilities #VU62681

#VU62681 XML injection in Cisco Firewall Threat Defense (FTD) - CVE-2022-20729

Published: April 28, 2022

Vulnerability identifier: #VU62681

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-20729

CWE-ID: CWE-91

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Firewall Threat Defense (FTD)

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local user to compromise the target system

The vulnerability exists due to improper input validation when processing XML data in CLI. A local user can pass specially crafted XML data to the application, resulting in unexpected processing of the command and unexpected command output.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-xmlinj-8GWjGzKe

#VU62681 XML injection in Cisco Firewall Threat Defense (FTD) - CVE-2022-20729

Description

Remediation

External links

Please verify you're human