Resource management error in Cisco Firepower Threat Defense Software
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-20949 |
| CWE-ID | CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco Firepower Threat Defense (FTD) Hardware solutions / Security hardware applicances |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource management error
EUVDB-ID: #VU69205
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20949
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to improper management of internal resources within the application in the management web server. A remote administrator can send specially crafted messages to the affected HTTPS handler and perform configuration changes on the affected system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco Firepower Threat Defense (FTD): 9.6.0.128 - 9.18.1.3
CPE2.3- cpe:2.3:h:cisco_systems:cisco_ftd:9.16.3.15:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.18.1.3:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.14.4.12:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.16.2.14:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.17.1.15:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.10.1.44:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.12.1.3:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.12.2.9:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.12.3.12:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.12.4.50:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.13.1.21:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.14.1.30:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.14.2.15:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.14.3.18:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.15.1.21:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.16.1.28:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.6.0.128:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.6.1.19:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.6.2.23:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.6.3.24:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.6.4.45:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.7.1.24:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.8.1.7:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.8.2.45:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.8.3.29:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.8.4.45:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.9.1.5:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:9.9.2.235:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
