Vulnerability identifier: #VU69205
Vulnerability risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-399
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware appliances
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to improper management of internal resources in the application's management web server. A remote administrator can send specially crafted messages to the affected HTTPS handler and perform configuration changes on the affected system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Cisco Firepower Threat Defense (FTD): 9.6.0.128, 9.6.1 - 9.6.1.19, 9.6.2 - 9.6.2.23, 9.6.3 - 9.6.3.24, 9.6.4 - 9.6.4.45, 9.7.1 - 9.7.1.24, 9.8.1 - 9.8.1.7, 9.8.2 - 9.8.2.45, 9.8.3 - 9.8.3.29, 9.8.4 - 9.8.4.45, 9.9.1 - 9.9.1.5, 9.9.2 - 9.9.2.235, 9.10.1 - 9.10.1.44, 9.12.1 - 9.12.1.3, 9.12.2 - 9.12.2.9, 9.12.3 - 9.12.3.12, 9.12.4 - 9.12.4.50, 9.13.1 - 9.13.1.21, 9.14.1 - 9.14.1.30, 9.14.2 - 9.14.2.15, 9.14.3 - 9.14.3.18, 9.14.4 - 9.14.4.12, 9.15.1 - 9.15.1.21, 9.16.1 - 9.16.1.28, 9.16.2 - 9.16.2.14, 9.16.3 - 9.16.3.15, 9.17.1 - 9.17.1.15, 9.18.1 - 9.18.1.3
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-privesc-7GqR2th
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.