CVE-2022-20946
First published: Thu Nov 10 2022(Updated: )
A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Threat Defense | >=6.3.0<=6.3.0.5 | |
| Cisco Firepower Threat Defense | >=6.4.0<=6.4.0.15 | |
| Cisco Firepower Threat Defense | >=6.5.0<=6.5.0.5 | |
| Cisco Firepower Threat Defense | >=6.6.0<=6.6.5.2 | |
| Cisco Firepower Threat Defense | >=6.7.0<=6.7.0.3 | |
| Cisco Firepower Threat Defense | >=7.0.0<=7.0.3 | |
| Cisco Firepower Threat Defense | =7.1.0.0 | |
| Cisco Firepower Threat Defense | =7.1.0.1 | |
| Cisco Firepower Threat Defense | =7.1.0.2 |
Remedy
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Firepower Threat Defense vulnerability?
The vulnerability ID for this Cisco Firepower Threat Defense vulnerability is CVE-2022-20946.
What is the severity of CVE-2022-20946?
The severity of CVE-2022-20946 is high with a CVSS score of 7.5.
What is the affected software for CVE-2022-20946?
The affected software for CVE-2022-20946 is Cisco Firepower Threat Defense versions 6.3.0 to 7.1.0.2.
How does CVE-2022-20946 impact Cisco Firepower Threat Defense?
CVE-2022-20946 allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
How can I fix CVE-2022-20946?
To fix CVE-2022-20946, it is recommended to upgrade to a fixed software release.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco firepower threat defense
- version/cisco firepower threat defense/6.3.0
- version/cisco firepower threat defense/6.3.0.5
- version/cisco firepower threat defense/6.4.0
- version/cisco firepower threat defense/6.4.0.15
- version/cisco firepower threat defense/6.5.0
- version/cisco firepower threat defense/6.5.0.5
- version/cisco firepower threat defense/6.6.0
- version/cisco firepower threat defense/6.6.5.2
- version/cisco firepower threat defense/6.7.0
- version/cisco firepower threat defense/6.7.0.3
- version/cisco firepower threat defense/7.0.0
- version/cisco firepower threat defense/7.0.3
- version/cisco firepower threat defense/7.1.0.0
- version/cisco firepower threat defense/7.1.0.1
- version/cisco firepower threat defense/7.1.0.2