QID 317171
Date Published: 2022-05-04
QID 317171: Cisco Firepower Threat Defense (FTD) Software Denial of Service (DoS) Vulnerability (cisco-sa-ftd-dos-JnnJm4wB, cisco-sa-asaftd-dos-nJVAwOeq)
A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Affected Products
Cisco devices if they are running a vulnerable release of Cisco FTD Software
and are configured to send traffic to Snort2 or Snort3 for further evaluation when a matching blocking rule is encountered(CVE-2022-20757) or have the have DNS inspection enabled(CVE-2022-20760).
Vulnerable Versions:
Earlier than 6.4.0.15 (May 2022)
From 6.5.0 Prior to 6.6.5.2
From 6.7.0 Prior to Cisco_FTD_Hotfix_AA-6.7.0.4-2.sh.REL.tar
From 7.0.0 Prior to 7.0.2 (May 2022)
From 7.1.0 Prior to 7.1.0.1
Note: Potential detection as cannot confirm if device is configured to send traffic to Snort2 or Snort3 for further evaluation when a matching blocking rule is encountered(CVE-2022-20757) or have the have DNS inspection enabled(CVE-2022-20760).
QID Detection Logic (Authenticated):
The check matches Cisco FTD OS version retrieved via Unix Auth using "version" command.
A successful exploit could allow the attacker to cause all new, incoming connections to be dropped, resulting in a DoS condition.
Customers are advised to refer to cisco-sa-ftd-dos-JnnJm4wB for more information.
- cisco-sa-asaftd-dos-nJVAwOeq -
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq - cisco-sa-ftd-dos-JnnJm4wB -
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-JnnJm4wB
CVEs related to QID 317171
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-ftd-dos-JnnJm4wB |
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-JnnJm4wB |