{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-20927", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743", "dateReserved": "2021-11-02T13:28:29.191Z", "datePublished": "2022-11-10T17:30:39.182Z", "dateUpdated": "2024-08-03T02:31:59.588Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:14.790Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition."}], "affected": [{"vendor": "Cisco", "product": "Cisco Adaptive Security Appliance (ASA) Software", "versions": [{"version": "9.14.1", "status": "affected"}, {"version": "9.14.1.10", "status": "affected"}, {"version": "9.14.1.15", "status": "affected"}, {"version": "9.14.1.19", "status": "affected"}, {"version": "9.14.1.30", "status": "affected"}, {"version": "9.14.2", "status": "affected"}, {"version": "9.14.2.4", "status": "affected"}, {"version": "9.14.2.8", "status": "affected"}, {"version": "9.14.2.13", "status": "affected"}, {"version": "9.14.2.15", "status": "affected"}, {"version": "9.14.3", "status": "affected"}, {"version": "9.14.3.1", "status": "affected"}, {"version": "9.14.3.9", "status": "affected"}, {"version": "9.14.3.11", "status": "affected"}, {"version": "9.14.3.13", "status": "affected"}, {"version": "9.14.3.18", "status": "affected"}, {"version": "9.14.3.15", "status": "affected"}, {"version": "9.15.1", "status": "affected"}, {"version": "9.15.1.7", "status": "affected"}, {"version": "9.15.1.10", "status": "affected"}, {"version": "9.15.1.15", "status": "affected"}, {"version": "9.15.1.16", "status": "affected"}, {"version": "9.15.1.17", "status": "affected"}, {"version": "9.15.1.1", "status": "affected"}, {"version": "9.15.1.21", "status": "affected"}]}, {"vendor": "Cisco", "product": "Cisco Firepower Threat Defense Software", "versions": [{"version": "6.6.0", "status": "affected"}, {"version": "6.6.0.1", "status": "affected"}, {"version": "6.6.1", "status": "affected"}, {"version": "6.6.3", "status": "affected"}, {"version": "6.6.4", "status": "affected"}, {"version": "6.6.5", "status": "affected"}, {"version": "6.6.5.1", "status": "affected"}, {"version": "6.6.5.2", "status": "affected"}, {"version": "6.7.0", "status": "affected"}, {"version": "6.7.0.1", "status": "affected"}, {"version": "6.7.0.2", "status": "affected"}, {"version": "6.7.0.3", "status": "affected"}]}, {"vendor": "Cisco", "product": "Cisco FirePOWER Services Software for ASA", "versions": [{"version": "N/A", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "type": "cwe", "cweId": "CWE-120"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA", "name": "cisco-sa-ssl-client-dos-cCrQPkA"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ssl-client-dos-cCrQPkA", "discovery": "INTERNAL", "defects": ["CSCvz98540"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:31:59.588Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA", "name": "cisco-sa-ssl-client-dos-cCrQPkA", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D9AE545-A469-41C7-BD95-3CC80AF8067B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3255DB9E-85A5-48ED-90AA-6A7A55A0B1F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "02B6C9A0-B941-4C7C-BFE9-F1D837D5ADBC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "77E783FD-5D4B-4C4F-BBFE-1186EFDFEF3B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "40145CFB-CEE8-4ABA-A9C2-BA262B7A9AEC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "23C82327-5362-4876-8058-EB51030CD5DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "3C700CC9-E16F-4C05-915D-1CA39257ACCB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "3ABDBB94-BA4F-4991-A703-0D7DDF999CBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.13.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "D59B6947-1953-4C86-A76C-7A881CD3A502", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "52D83C3A-ED0B-42D5-A08A-97D27E189875", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F4187EFE-4D7E-4493-A6E0-24C98256CF79", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "6730194F-5069-40AB-AE66-871D3992560C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "9E257F98-D1A0-4D28-9504-1749CC090D49", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "3FF1A5FC-73BE-4218-86D9-2E81FA64EABD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E492943-6EC0-4E34-9DBC-DD1C2CF1CDCC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "589E46F3-8038-4B87-8C40-55C6268B82F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "3F3B73F6-139E-42DC-B895-DDD17B5A1138", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A2590E7-FE04-4B29-B36B-AABAA5F3B9AE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "3E4FD5E3-7E82-4294-8B05-D2045D857029", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E998A4A-5346-4CFA-A617-FD1106C6B7A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "91265549-A16E-4A00-A031-4F1EB8D6881C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "EA3C316B-5485-4CDD-A1A1-6C0A9CB4719F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "ECE6D033-7B8B-4F61-B653-0C0EF13466EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "14441650-DAD5-4959-83DF-4D6F3D6A05FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "1B21ABC9-A64B-43E4-8951-1E6C0F427DBB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.14.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "A48EC041-322F-422D-B95B-0FC07BDA2B6B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA0B9B73-A9E6-4924-9EAE-B57E534938FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "012812C4-EFF8-465F-A771-134BEB617CC9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "E06141A9-8C37-445A-B58A-45739AFE7D4C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "7EDC09E5-51D3-4672-B910-B34A9CBD6128", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "71ED7A71-81CB-444C-A4ED-EA4A58D5E73C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "CAD13331-0EB8-4C8D-85CC-D96CA9F829AE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "7137F22B-F993-4620-9378-9412DAEA9EF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.15.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "923A40E8-6456-4288-B9AB-DBF5F9C4246A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "matchCriteriaId": "171E1C5D-68C5-4BBC-AE18-D1518A1B7277", "versionEndIncluding": "6.5.0.5", "versionStartIncluding": "6.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "matchCriteriaId": "1110632C-526F-4025-A7BE-0CF9F37E5F9E", "versionEndIncluding": "6.7.0.3", "versionStartIncluding": "6.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "20AE4051-FA3B-4F0B-BD3D-083A14269FF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FE024D-0D43-40AD-9645-8C54ECF17824", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_services_software_for_asa:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4C5EF69-498C-4433-8B86-91EB343C3F63", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el cliente SSL/TLS del software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto autenticado cause una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una gesti\u00f3n inadecuada de la memoria cuando un dispositivo inicia conexiones SSL/TLS. Un atacante podr\u00eda aprovechar esta vulnerabilidad asegur\u00e1ndose de que el dispositivo se conecte a un servidor SSL/TLS que utilice par\u00e1metros de cifrado espec\u00edficos. Un exploit exitoso podr\u00eda permitir al atacante hacer que el dispositivo afectado entre en bucle de carga inesperadamente, lo que resultar\u00eda en una condici\u00f3n DoS."}], "id": "CVE-2022-20927", "lastModified": "2024-11-21T06:43:50.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-15T21:15:32.607", "references": [{"source": "ykramarz@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-client-dos-cCrQPkA"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}