CVE-2022-20949

Severity

49%

Complexity

12%

Confidentiality

60%

A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software.

CVSS 3.1 Base Score 4.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).

Overview

Type

Cisco Firepower Threat Defense

First reported 2 years ago

2022-11-15 21:15:00

Last updated 2 years ago

2022-11-22 14:49:00

Affected Software

Cisco Firepower Threat Defense 6.2.1

6.2.1

Cisco Firepower Threat Defense (FTD)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.