Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-20927

A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.

Published

2022-11-15T21:15:32.607

Last Modified

2024-11-21T06:43:50.390

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-120
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco adaptive_security_appliance_software 9.13.1 Yes
Operating System cisco adaptive_security_appliance_software 9.13.1.2 Yes
Operating System cisco adaptive_security_appliance_software 9.13.1.7 Yes
Operating System cisco adaptive_security_appliance_software 9.13.1.10 Yes
Operating System cisco adaptive_security_appliance_software 9.13.1.12 Yes
Operating System cisco adaptive_security_appliance_software 9.13.1.13 Yes
Operating System cisco adaptive_security_appliance_software 9.13.1.16 Yes
Operating System cisco adaptive_security_appliance_software 9.13.1.19 Yes
Operating System cisco adaptive_security_appliance_software 9.13.1.21 Yes
Operating System cisco adaptive_security_appliance_software 9.14.1 Yes
Operating System cisco adaptive_security_appliance_software 9.14.1.10 Yes
Operating System cisco adaptive_security_appliance_software 9.14.1.15 Yes
Operating System cisco adaptive_security_appliance_software 9.14.1.19 Yes
Operating System cisco adaptive_security_appliance_software 9.14.1.30 Yes
Operating System cisco adaptive_security_appliance_software 9.14.2 Yes
Operating System cisco adaptive_security_appliance_software 9.14.2.4 Yes
Operating System cisco adaptive_security_appliance_software 9.14.2.8 Yes
Operating System cisco adaptive_security_appliance_software 9.14.2.13 Yes
Operating System cisco adaptive_security_appliance_software 9.14.2.15 Yes
Operating System cisco adaptive_security_appliance_software 9.14.3 Yes
Operating System cisco adaptive_security_appliance_software 9.14.3.1 Yes
Operating System cisco adaptive_security_appliance_software 9.14.3.9 Yes
Operating System cisco adaptive_security_appliance_software 9.14.3.11 Yes
Operating System cisco adaptive_security_appliance_software 9.14.3.13 Yes
Operating System cisco adaptive_security_appliance_software 9.14.3.15 Yes
Operating System cisco adaptive_security_appliance_software 9.14.3.18 Yes
Operating System cisco adaptive_security_appliance_software 9.15.1 Yes
Operating System cisco adaptive_security_appliance_software 9.15.1.1 Yes
Operating System cisco adaptive_security_appliance_software 9.15.1.7 Yes
Operating System cisco adaptive_security_appliance_software 9.15.1.10 Yes
Operating System cisco adaptive_security_appliance_software 9.15.1.15 Yes
Operating System cisco adaptive_security_appliance_software 9.15.1.16 Yes
Operating System cisco adaptive_security_appliance_software 9.15.1.17 Yes
Operating System cisco adaptive_security_appliance_software 9.15.1.21 Yes
Application cisco firepower_threat_defense ≤ 6.5.0.5 Yes
Application cisco firepower_threat_defense ≤ 6.7.0.3 Yes
Application cisco firepower_threat_defense 6.6.0 Yes
Application cisco firepower_threat_defense 6.6.0.1 Yes
Application cisco firepower_threat_defense 6.6.1 Yes
Application cisco firepower_threat_defense 6.6.3 Yes
Application cisco firepower_threat_defense 6.6.4 Yes
Application cisco firepower_threat_defense 6.6.5 Yes
Application cisco firepower_threat_defense 6.6.5.1 Yes
Application cisco firepower_services_software_for_asa - Yes
References