Cisco Security Advisory - Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability

Started by Netwörkheäd, November 10, 2022, 06:23:32 PM

Previous topic - Next topic

Netwörkheäd

Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability

A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.


This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device.


Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.


This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dos-OwEunWJN



This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: November 2022 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.




     
         
Security Impact Rating:  High
   
   
       
CVE: CVE-2022-20854
Source: Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability
Let's not argue. Let's network!