VDB
CVE-2022-20940
CVE-2022-20940
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. An attacker could exploit this vulnerability by sending crafted TLS messages to an affected device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device.
EPSS 0.27% · 51.0th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.27%
51.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | firepower_threat_defense | 6.2.3, 6.3.0, 6.4.0 |
| Cisco | Cisco Firepower Threat Defense Software | 6.6.1, 6.6.3, 6.6.4 |
Exploit Intelligence
- cisco-sa-ftd-tls-bb-rCgtmY2 (circl)
Timeline
- Nov 10, 2022 CVE Published
- Nov 16, 2022 EPSS Score
- Dec 29, 2022 EPSS Score
- Feb 10, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 24, 2023 EPSS Score
- May 6, 2023 EPSS Score
- Jun 18, 2023 EPSS Score
- Jul 31, 2023 EPSS Score
- Sep 12, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Dec 6, 2023 EPSS Score