FTD Web Server Auth Bypass Enables Remote Config via HTTPS
CVE-2022-20949 Published on November 15, 2022

A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software.

NVD

Vulnerability Analysis

CVE-2022-20949 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Resource Management Errors

Weaknesses in this category are related to improper management of system resources.

Products Associated with CVE-2022-20949

Want to know whenever a new CVE is published for Cisco Firepower Threat Defense? stack.watch will email you.

Cisco Firepower Threat Defense

Affected Versions

Cisco Firepower Threat Defense Software:

Version 6.2.3 is affected.
Version 6.2.3.1 is affected.
Version 6.2.3.2 is affected.
Version 6.2.3.3 is affected.
Version 6.2.3.4 is affected.
Version 6.2.3.5 is affected.
Version 6.2.3.6 is affected.
Version 6.2.3.7 is affected.
Version 6.2.3.8 is affected.
Version 6.2.3.10 is affected.
Version 6.2.3.11 is affected.
Version 6.2.3.9 is affected.
Version 6.2.3.12 is affected.
Version 6.2.3.13 is affected.
Version 6.2.3.14 is affected.
Version 6.2.3.15 is affected.
Version 6.2.3.16 is affected.
Version 6.2.3.17 is affected.
Version 6.2.3.18 is affected.
Version 6.6.0 is affected.
Version 6.6.0.1 is affected.
Version 6.6.1 is affected.
Version 6.6.3 is affected.
Version 6.6.4 is affected.
Version 6.6.5 is affected.
Version 6.6.5.1 is affected.
Version 6.6.5.2 is affected.
Version 6.4.0 is affected.
Version 6.4.0.1 is affected.
Version 6.4.0.3 is affected.
Version 6.4.0.2 is affected.
Version 6.4.0.4 is affected.
Version 6.4.0.5 is affected.
Version 6.4.0.6 is affected.
Version 6.4.0.7 is affected.
Version 6.4.0.8 is affected.
Version 6.4.0.9 is affected.
Version 6.4.0.10 is affected.
Version 6.4.0.11 is affected.
Version 6.4.0.12 is affected.
Version 6.4.0.13 is affected.
Version 6.4.0.14 is affected.
Version 6.4.0.15 is affected.
Version 6.7.0 is affected.
Version 6.7.0.1 is affected.
Version 6.7.0.2 is affected.
Version 6.7.0.3 is affected.
Version 7.0.0 is affected.
Version 7.0.0.1 is affected.
Version 7.0.1 is affected.
Version 7.0.1.1 is affected.
Version 7.0.2 is affected.
Version 7.0.2.1 is affected.
Version 7.0.3 is affected.
Version 7.1.0 is affected.
Version 7.1.0.1 is affected.
Version 7.1.0.2 is affected.
Version 7.2.0 is affected.
Version 7.2.0.1 is affected.

Exploit Probability

EPSS

0.17%

Percentile

38.11%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

FTD Web Server Auth Bypass Enables Remote Config via HTTPSCVE-2022-20949 Published on November 15, 2022

Vulnerability Analysis

Weakness Type

Resource Management Errors

Products Associated with CVE-2022-20949

Affected Versions

Exploit Probability

FTD Web Server Auth Bypass Enables Remote Config via HTTPS
CVE-2022-20949 Published on November 15, 2022