CVE-2022-20715 vulnerability in Cisco Products
Published on May 3, 2022
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability
A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.
Vulnerability Analysis
CVE-2022-20715 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Resource Management Errors
Weaknesses in this category are related to improper management of system resources.
Products Associated with CVE-2022-20715
stack.watch emails you whenever new vulnerabilities are published in Cisco Firepower Threat Defense or Cisco Adaptive Security Appliance Software. Just hit a watch button to start following.
Affected Versions
Cisco Adaptive Security Appliance (ASA) Software Version n/a is affected by CVE-2022-20715Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.