Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-20946

Опубликовано: 15 нояб. 2022
Источник: nvd
CVSS3: 8.6
CVSS3: 7.5
EPSS Низкий

Описание

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM"]

This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Версия от 6.3.0 (включая) до 6.3.0.5 (включая)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Версия от 6.4.0 (включая) до 6.4.0.15 (включая)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Версия от 6.5.0 (включая) до 6.5.0.5 (включая)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Версия от 6.6.0 (включая) до 6.6.5.2 (включая)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Версия от 6.7.0 (включая) до 6.7.0.3 (включая)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.0.3 (включая)
cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 80%
0.01431
Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-122
CWE-787

Связанные уязвимости

github логотип

GHSA-g6x8-jxpj-jmgj

CVSS3: 7.5
github
около 3 лет назад

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

fstec логотип

BDU:2022-07470

CVSS3: 8.6
fstec
около 3 лет назад

Уязвимость реализации протокола GRE микропрограммного обеспечения межсетевых экранов Cisco Firepower Threat Defense (FTD), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 80%
0.01431
Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-122
CWE-787