First published: Tue May 03 2022(Updated: )
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Firepower Management Center | <7.1.0 | |
Cisco Secure Firewall Management Center | <7.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2022-20744.
CVE-2022-20744 has a severity level of medium.
Cisco Firepower Management Center (FMC) Software up to version 7.1.0 is affected by CVE-2022-20744.
An authenticated, remote attacker can exploit CVE-2022-20744 to view data without proper authorization.
A fix for CVE-2022-20744 may be provided by Cisco in their security advisory.