Cisco FMC Web UI XSS Vulnerability (CVE-2022-20836)
CVE-2022-20836 Published on November 15, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.

NVD

Vulnerability Analysis

CVE-2022-20836 is exploitable with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2022-20836 has been classified to as a XSS vulnerability or weakness.

Products Associated with CVE-2022-20836

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-20836 are published in these products:

Cisco Firepower Management Center

Cisco Secure Firewall Management Center

Affected Versions

Cisco Firepower Management Center:

Version 6.2.3 is affected.
Version 6.2.3.1 is affected.
Version 6.2.3.2 is affected.
Version 6.2.3.3 is affected.
Version 6.2.3.4 is affected.
Version 6.2.3.5 is affected.
Version 6.2.3.6 is affected.
Version 6.2.3.7 is affected.
Version 6.2.3.9 is affected.
Version 6.2.3.10 is affected.
Version 6.2.3.11 is affected.
Version 6.2.3.12 is affected.
Version 6.2.3.13 is affected.
Version 6.2.3.14 is affected.
Version 6.2.3.15 is affected.
Version 6.2.3.8 is affected.
Version 6.2.3.16 is affected.
Version 6.2.3.17 is affected.
Version 6.2.3.18 is affected.
Version 6.4.0 is affected.
Version 6.4.0.1 is affected.
Version 6.4.0.3 is affected.
Version 6.4.0.2 is affected.
Version 6.4.0.4 is affected.
Version 6.4.0.5 is affected.
Version 6.4.0.6 is affected.
Version 6.4.0.7 is affected.
Version 6.4.0.8 is affected.
Version 6.4.0.9 is affected.
Version 6.4.0.10 is affected.
Version 6.4.0.11 is affected.
Version 6.4.0.12 is affected.
Version 6.4.0.13 is affected.
Version 6.4.0.14 is affected.
Version 6.4.0.15 is affected.
Version 6.6.0 is affected.
Version 6.6.0.1 is affected.
Version 6.6.1 is affected.
Version 6.6.3 is affected.
Version 6.6.4 is affected.
Version 6.6.5 is affected.
Version 6.6.5.1 is affected.
Version 6.6.5.2 is affected.
Version 6.6.7 is affected.
Version 6.7.0 is affected.
Version 6.7.0.1 is affected.
Version 6.7.0.2 is affected.
Version 6.7.0.3 is affected.
Version 7.0.0 is affected.
Version 7.0.0.1 is affected.
Version 7.0.1 is affected.
Version 7.0.1.1 is affected.
Version 7.0.2 is affected.
Version 7.0.2.1 is affected.
Version 7.0.3 is affected.
Version 7.0.4 is affected.
Version 7.1.0 is affected.
Version 7.1.0.1 is affected.
Version 7.1.0.2 is affected.

Exploit Probability

EPSS

0.17%

Percentile

37.87%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.