CVE-2022-20744
First published: Tue May 03 2022(Updated: )
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Management Center | <7.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-20744.
What is the severity level of CVE-2022-20744?
CVE-2022-20744 has a severity level of medium.
What software is affected by CVE-2022-20744?
Cisco Firepower Management Center (FMC) Software up to version 7.1.0 is affected by CVE-2022-20744.
How can an attacker exploit CVE-2022-20744?
An authenticated, remote attacker can exploit CVE-2022-20744 to view data without proper authorization.
Is there a fix available for CVE-2022-20744?
A fix for CVE-2022-20744 may be provided by Cisco in their security advisory.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco firepower management center