- 264/2022
- High
Cisco has released security updates to address several vulnerabilities in multiple products.
The released security updates fix several vulnerabilities affecting multiple Cisco products such as Cisco ASA Software, Cisco FTD Software, Cisco FMC Software, Cisco FirePOWER Software and Cisco Secure Firewalls 3100 Series.
The severity of the addressed vulnerabilities could allow the remote attacker to obtain sensitive information, take control or cause a denial of service attack against the affected system.
Samples of the addressed vulnerabilities:
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Dynamic Access Policies DoS Vulnerability (CVE-2022-20947):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
- Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software SNMP Default Credential Vulnerability (CVE-2022-20918):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
Cisco Security Advisory