VDB
CVE-2022-20760
CVE-2022-20760
PUBLISHED
In Cisco ASA (Adaptive Security Appliance) und Cisco Firepower existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund einer unsachgemäßen Validierung von Fehlern, die als Folge von Client-Verbindungen protokolliert werden, einer unsachgemäßen Eingabevalidierung beim Parsen von HTTPS-Anforderungen und einer unzureichenden Verarbeitung eingehender Anforderungen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
EPSS 2.59% · 85.9th percentile
Risk Scores
EPSS Score
2.59%
85.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco ASA (Adaptive Security Appliance) | |
| Cisco | Cisco Firepower Threat Defense |
Timeline
- Apr 27, 2022 CVE Published
- May 3, 2022 EPSS Score
- Jun 22, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Nov 18, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Feb 25, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 16, 2023 EPSS Score
- Jul 24, 2023 EPSS Score
- Sep 12, 2023 EPSS Score
- Oct 31, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2024-1218.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1218 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipsec-mitm-CKnLr4 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgmt-privesc-BMFMUvye advisory
- https://inthewild.io/vuln/CVE-2022-20759 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq advisory