Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-20918

Опубликовано: 15 нояб. 2022
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential.

This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential.

This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:firepower_services_software_for_asa:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.0.5 (исключая)

EPSS

Процентиль: 73%
0.00752
Низкий

7.5 High

CVSS3

Дефекты

CWE-284
CWE-287

Связанные уязвимости

github логотип

GHSA-2cx7-566f-cvrr

CVSS3: 7.5
github
около 3 лет назад

A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed.

fstec логотип

BDU:2023-00173

CVSS3: 7.5
fstec
около 3 лет назад

Уязвимость реализации протокола SNMP программного обеспечения администрирования сети Cisco Firepower Management Center (FMC), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 73%
0.00752
Низкий

7.5 High

CVSS3

Дефекты

CWE-284
CWE-287