

Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
November 18, 2022
Rewterz Threat Advisory – CVE-2022-20826 – Cisco Secure Firewalls Vulnerability
November 18, 2022
Severity
Medium
Analysis Summary
CVE-2022-20949 CVSS:6.5
Cisco Firepower Threat Defense Software could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by the failure to access to HTTPS endpoints. By sending specific messages to the affected HTTPS handler, an attacker could exploit this vulnerability to execute configuration commands on an affected system.
CVE-2022-20854 CVSS:6.5
Cisco Firepower Management Center (FMC) Software is vulnerable to a denial of service, caused by improper error handling when an SSH session fails to be established. By sending a high rate of crafted SSH connections to the instance, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-20926 CVSS:6.3
Cisco Firepower Management Center (FMC) Software could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user-supplied parameters for certain API endpoints. By sending specially crafted input to an affected API endpoint, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2022-20839 CVSS:4.8
Cisco Firepower Management Center (FMC) Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-20840 CVSS:4.8
Cisco Firepower Management Center (FMC) Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-20905 CVSS:4.8
Cisco Firepower Management Center (FMC) Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-20936 CVSS:4.8
Cisco Firepower Management Center (FMC) Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-20831 CVSS:4.8
Cisco Firepower Management Center (FMC) Software is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Command Execution
- Denial of Service
- Cross-site Scripting
Indicators Of Compromise
CVE
- CVE-2022-20949
- CVE-2022-20854
- CVE-2022-20926
- CVE-2022-20839
- CVE-2022-20840
- CVE-2022-20905
- CVE-2022-20936
- CVE-2022-20831
Affected Vendors
Cisco
Affected Products
- Cisco Firepower Threat Defense Software 7.0.0
- Cisco Firepower Management Center
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.
- Cisco Firepower Threat Defense Software
- Cisco Firepower Management Center Software