VDB

CVE-2022-20946

CVE-2022-20946 PUBLISHED CVSS 8.600000381469727 HIGH

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

EPSS 1.43% · 81.0th percentile

Risk Scores

CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
1.43%
81.0th percentile

Affected Products

VendorProductVersions
CiscoCisco Firepower Threat Defense Software6.6.0.1, 6.6.1, 6.6.3
ciscofirepower_threat_defense6.3.0, 6.5.0, 6.6.0

Exploit Intelligence

Timeline

  • Nov 10, 2022 CVE Published
  • Nov 16, 2022 EPSS Score
  • Dec 29, 2022 EPSS Score
  • Feb 10, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 6, 2023 EPSS Score
  • Jun 18, 2023 EPSS Score
  • Jul 31, 2023 EPSS Score
  • Sep 12, 2023 EPSS Score
  • Oct 24, 2023 EPSS Score
  • Dec 6, 2023 EPSS Score
  • Jan 18, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›