CVE-2022-20940
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information.
This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. An attacker could exploit this vulnerability by sending crafted TLS messages to an affected device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device.
Una vulnerabilidad en el controlador TLS del software Cisco Firepower Threat Defense (FTD) podría permitir que un atacante remoto no autenticado obtenga acceso a información confidencial. Esta vulnerabilidad se debe a la implementación inadecuada de contramedidas contra un ataque Bleichenbacher en un dispositivo que utiliza políticas de descifrado SSL. Un atacante podría aprovechar esta vulnerabilidad enviando mensajes TLS manipulados a un dispositivo afectado, lo que actuaría como un oráculo y permitiría al atacante llevar a cabo un ataque de texto cifrado elegido. Un exploit exitoso podría permitir al atacante realizar operaciones criptoanalíticas que podrían permitir el descifrado de sesiones TLS previamente capturadas en el dispositivo afectado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-02 CVE Reserved
- 2022-11-10 CVE Published
- 2024-06-02 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-bb-rCgtmY2 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.3 <= 6.2.3.18 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.3 <= 6.2.3.18" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 <= 6.3.0.5 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 <= 6.3.0.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.4.0 <= 6.4.0.14 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.4.0 <= 6.4.0.14" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.5.0 <= 6.5.0.5 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.5.0 <= 6.5.0.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.7.0 <= 6.7.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.7.0 <= 6.7.0.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 7.0.0 <= 7.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 7.0.0 <= 7.0.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 6.6.0 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 6.6.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.6.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 6.6.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.6.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 6.6.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.6.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 6.6.4 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.6.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 6.6.5 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.6.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 6.6.5.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.6.5.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 6.6.5.2 Search vendor "Cisco" for product "Firepower Threat Defense" and version "6.6.5.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 7.1.0.0 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.1.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 7.1.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.1.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 7.1.0.2 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.1.0.2" | - |
Affected
| ||||||