CVE-2022-20927

CVE-2022-20927 PUBLISHED CVSS 7.7 HIGH

A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.

EPSS 0.19% · 41.2th percentile

Risk Scores

CVSS 3.1: 7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score: 0.19% · 41.2th percentile

Affected Products

Vendor | Product | Versions
cisco | firepower_services_software_for_asa |
Cisco | Cisco FirePOWER Services Software for ASA | *
Cisco | Cisco Firepower Threat Defense Software | 6.6.0, 6.7.0.3, 6.6.1
cisco | firepower_threat_defense | 6.7.0, 6.6.0, 6.6.0.1
cisco | adaptive_security_appliance_software | 9.14.3.18, 9.15.1, 9.15.1.1
Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.14.1.10, 9.14.1.15, 9.14.1.19

Exploit Intelligence

Timeline

  • Nov 10, 2022 CVE Published
  • Nov 16, 2022 EPSS Score
  • Dec 29, 2022 EPSS Score
  • Feb 10, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 24, 2023 EPSS Score
  • May 6, 2023 EPSS Score
  • Jun 18, 2023 EPSS Score
  • Jul 31, 2023 EPSS Score
  • Oct 24, 2023 EPSS Score
  • Dec 6, 2023 EPSS Score
  • Jan 18, 2024 EPSS Score