VDB

CVE-2022-20938

CVE-2022-20938 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed.

EPSS 0.13% · 32.3th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.13%
32.3th percentile

Affected Products

VendorProductVersions
CiscoCisco Firepower Management Center6.2.3, 6.2.3.1, 6.2.3.3
ciscosecure_firewall_management_center6.1.0.4, 6.1.0, 6.1.0.1

Exploit Intelligence

Timeline

  • Nov 10, 2022 CVE Published
  • Nov 16, 2022 EPSS Score
  • Dec 29, 2022 EPSS Score
  • Feb 10, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 24, 2023 EPSS Score
  • May 6, 2023 EPSS Score
  • Jun 18, 2023 EPSS Score
  • Jul 31, 2023 EPSS Score
  • Sep 12, 2023 EPSS Score
  • Oct 24, 2023 EPSS Score
  • Dec 6, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›