CVE-2022-20854

CVE-2022-20854 PUBLISHED CVSS 7.5 HIGH

A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device.

EPSS 0.79% · 74.3th percentile

Risk Scores

CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.79% (74.3th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| cisco | secure_firewall_management_center | 6.1.0, 7.0.0, 7.0.4 |
| Cisco | Cisco Firepower Management Center | N/A |
| Cisco | Cisco Firepower Threat Defense Software | N/A |
| cisco | firepower_threat_defense | 7.0.3, 7.0.0, 6.6.0.1 |

Exploit Intelligence

Timeline

  • Nov 10, 2022 CVE Published
  • Nov 16, 2022 EPSS Score
  • Dec 29, 2022 EPSS Score
  • Feb 10, 2023 EPSS Score
  • Mar 24, 2023 EPSS Score
  • May 6, 2023 EPSS Score
  • Jun 18, 2023 EPSS Score
  • Jul 31, 2023 EPSS Score
  • Sep 12, 2023 EPSS Score
  • Oct 24, 2023 EPSS Score
  • Jan 18, 2024 EPSS Score
  • Mar 1, 2024 EPSS Score