CVE-2022-20950
Published on: Not Yet Published
Last Modified on: 11/22/2022 02:50:00 PM UTC
CVE-2022-20950 - advisory for cisco-sa-ftdsnort3sip-dos-A4cHeArC
Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Firepower Threat Defense from Cisco contain the following vulnerability:
A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition.
- CVE-2022-20950 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
- Affected Vendor/Software:
Cisco - Cisco Firepower Threat Defense Software version = 7.2.0
- Affected Vendor/Software:
Cisco - Cisco Firepower Threat Defense Software version = 7.2.0.1
CVSS3 Score: 5.3 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | NONE | LOW |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
No Description Provided | tools.cisco.com text/html |
![]() |
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Cisco | Firepower Threat Defense | 7.2.0 | All | All | All |
Application | Cisco | Firepower Threat Defense | 7.2.0.1 | All | All | All |
- cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*:
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2022-20950 | 2022-11-15 21:38:57 |