VDB
CVE-2022-20742
CVE-2022-20742
PUBLISHED
Es existiert eine Schwachstelle in Cisco ASA (Adaptive Security Appliance) und Cisco Firepower. Der Fehler besteht aufgrund einer unsachgemäßen Implementierung von Galois/Counter Mode (GCM)-Chiffren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Daten zu entschlüsseln, zu lesen, zu ändern und erneut zu verschlüsseln, die über einen betroffenen IPsec IKEv2 VPN-Tunnel übertragen werden und so vertrauliche Informationen offenlegen.
EPSS 0.13% · 32.3th percentile
Risk Scores
EPSS Score
0.13%
32.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Firepower Threat Defense | |
| Cisco | Cisco ASA (Adaptive Security Appliance) |
Exploit Intelligence
Timeline
- Apr 27, 2022 CVE Published
- May 3, 2022 EPSS Score
- Jun 22, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Sep 30, 2022 EPSS Score
- Nov 18, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Feb 25, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 16, 2023 EPSS Score
- Jun 4, 2023 EPSS Score
- Jul 24, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2024-1218.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1218 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipsec-mitm-CKnLr4 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgmt-privesc-BMFMUvye advisory
- https://inthewild.io/vuln/CVE-2022-20759 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq advisory