{
"id" : "CVE-2022-20927" ,
"sourceIdentifier" : "ykramarz@cisco.com" ,
"published" : "2022-11-15T21:15:32.607" ,
"lastModified" : "2023-08-15T18:20:10.327" ,
"vulnStatus" : "Analyzed" ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
} ,
{
"source" : "ykramarz@cisco.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.7 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 3.1 ,
"impactScore" : 4.0
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-noinfo"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.13.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9C39F7F9-48DD-4B6C-84C5-011AA4276005"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.13.1.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7FD7445F-F352-416E-AB5A-F225F2A38690"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.13.1.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A829317B-1394-40EC-A519-1C1EB0517A4D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.13.1.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A8568BFB-83EC-4F4C-B931-B4CCA5F98BDE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.13.1.12:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "182203D1-EA05-47BB-8682-9B4506DE97A0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.13.1.16:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6051A7BC-B6EB-4BB4-B545-1769EFD6A60F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.13.1.19:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8604A862-5D06-414D-BAAE-BAFD03955834"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.13.1.21:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DBEFEAD5-1C7B-4596-B1D2-6AAD04892327"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "13D66C4F-F7C3-4470-9767-25C43524DBDC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.1.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8E8680F4-C1D0-4AE5-9B53-9ED595833D1B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.1.15:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DD2E8FF2-D9AB-4F86-94D7-79F080EE84E9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.1.19:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3658FDC4-FC57-4281-9376-F66B0CC85826"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F74FA696-5B57-4D1B-9068-069C8A605C70"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.2.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C4E5D009-238D-45E0-8D7B-2FCB3406C13A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.2.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "57AC67A3-F768-43C4-8513-0AF4BA12A3F0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.2.13:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C849F77C-B56F-4F3E-9E18-AD701FCBB742"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.2.15:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E8B31A9B-5303-4B84-A2F9-4E4951CB570F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "441DB30E-9CFB-4F70-A7F7-DC5CEAE7C982"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.3.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "95BC9BBB-006C-43E5-AC51-C707B4F7749F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.3.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BA0F6E81-B467-4C33-9DF8-F321F8555D83"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.3.11:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8409F18B-D199-4CEF-9BA7-40BE6BA97D7E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.3.13:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0BA33DFE-58E3-4334-8DFA-F8B2691724D8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.3.15:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B6E6D720-91E2-447F-A23A-60719AC707EA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.14.3.18:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2243D639-F4F0-4D75-AB62-023C9FE5130B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.15.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C9601F69-E591-487E-BBBC-06E9C66B5811"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.15.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E5965E70-FE82-4038-9690-18831CBA9EEF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.15.1.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BCF5C1E7-EC01-49EB-90D6-9179E17FBF4F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.15.1.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F73EA1D9-0739-4E82-9EF3-16AA72000B92"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.15.1.15:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A3D3F67B-32DC-45BB-9AF1-04A873E4F966"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.15.1.16:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3D19F2D6-5AE3-4E39-99E8-07DA50AED3F5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.15.1.17:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DD29815E-8B50-44E2-96AB-58D353700D72"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:adaptive_security_appliance:9.15.1.21:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1375D7A6-6645-4C0A-A527-11F5714A8B5E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "23C82327-5362-4876-8058-EB51030CD5DD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.30:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3FF1A5FC-73BE-4218-86D9-2E81FA64EABD"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.5.0" ,
"versionEndIncluding" : "6.5.0.5" ,
"matchCriteriaId" : "171E1C5D-68C5-4BBC-AE18-D1518A1B7277"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.7.0" ,
"versionEndIncluding" : "6.7.0.3" ,
"matchCriteriaId" : "1110632C-526F-4025-A7BE-0CF9F37E5F9E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DCD69468-8067-4A5D-B2B0-EC510D889AA0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "20AE4051-FA3B-4F0B-BD3D-083A14269FF6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "67FB5ABE-3C40-4C58-B91F-0621C2180FAC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "53909FD6-EC74-4D2F-99DA-26E70400B53F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "55FE024D-0D43-40AD-9645-8C54ECF17824"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:firepower_services_software_for_asa:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D4C5EF69-498C-4433-8B86-91EB343C3F63"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA" ,
"source" : "ykramarz@cisco.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
}
]
}