VDB

CVE-2022-20926

CVE-2022-20926 PUBLISHED CVSS 6.300000190734863 MEDIUM

A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions.

EPSS 0.85% · 75.3th percentile

Risk Scores

CVSS 3.1
6.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.85%
75.3th percentile

Affected Products

VendorProductVersions
CiscoCisco Firepower Management Center7.0.3, 7.0.0, 7.0.0.1
ciscosecure_firewall_management_center7.0.0, 7.0.1, 7.0.4

Exploit Intelligence

Timeline

  • Nov 10, 2022 CVE Published
  • Nov 16, 2022 EPSS Score
  • Dec 29, 2022 EPSS Score
  • Feb 10, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 24, 2023 EPSS Score
  • May 6, 2023 EPSS Score
  • Jun 18, 2023 EPSS Score
  • Jul 31, 2023 EPSS Score
  • Sep 12, 2023 EPSS Score
  • Oct 24, 2023 EPSS Score
  • Dec 6, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›