CVE-2022-20746 The TCP proxy vulnerability in Cisco Firepower Threat Defense could allow an unauthenticated, remote attacker to cause a DoS.

Cisco has assigned this vulnerability a Common Vulnerability Scoring System (CVSS) base score of 7.8. Further information about CVSS can be found here: http://nvd.nist.gov.

Cisco has released software updates for this vulnerability. However, it is important to note that protection against exploitation is not offered by default: to be protected, you must configure your devices as per the recommendations documented in Cisco’s security advisory. Cisco recommends that devices running FTD software version 5.0.0.13 or earlier be updated to version 5.0.0.14 or later.

In addition, Cisco recommends you closely monitor any traffic traversing the affected device and take appropriate action to mitigate the risk of exploitation. Cisco recommends using Cisco firewalls and IPS to block TCP traffic to the affected device on all interfaces, and monitoring that traffic to ensure the device is not being exploited. Cisco also recommends using Cisco firewalls and NGFW to prevent malicious traffic reaching the affected device. Cisco has also provided guidance on how to close possible security holes in your network to prevent exploitation of these vulnerabilities.

What are the Cisco IOS XE Software Vulnerabilities?

Cisco IOS XE Software versions prior to version 3.3.0.3 are vulnerable to a remote code execution vulnerability that can be exploited without authentication and without end-user interaction, aka “CVE-2022-20746”. Cisco has assigned this vulnerability a Common Vulnerability Scoring System (CVSS) base score of 7.8. Further information about CVSS can be found here: http://nvd.nist.gov.

Cisco has released software updates for these vulnerabilities; however, protection against exploitation is not offered by default. To be protected, you must configure your devices as per the recommendations documented in Cisco’s security advisory.

Cisco recommends that devices running FTD software version 5.0.0.13 or earlier be updated to version 5.0.0.14 or later. In addition, Cisco recommends you closely monitor any traffic traversing the affected device and take appropriate action if you believe it may have been exploited.
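The version recommendation above (and the identical one in the first section) is easy to get wrong in an inventory check, because a string comparison ranks "5.0.0.9" above "5.0.0.14". The following is an added example, not code from CVE.news or Cisco: it parses dotted version strings numerically and flags devices at or below the affected version stated on the page (5.0.0.13), using a constructed inventory of hypothetical hostnames. The threshold values are taken from the page as given.

```python
"""Added example (not from the CVE.news page or Cisco): flag Cisco FTD devices
whose version is at or below the affected version stated on the page
(5.0.0.13), i.e. devices that still need the 5.0.0.14-or-later update.
The inventory lines below are constructed sample data."""
import re
from typing import List, Tuple

# Threshold values as stated on the page; taken as given.
LAST_AFFECTED = "5.0.0.13"
FIRST_FIXED = "5.0.0.14"


def parse_version(ver: str) -> Tuple[int, ...]:
    """Turn '5.0.0.14' into (5, 0, 0, 14) so each field compares numerically.
    Comparing raw strings would wrongly rank '5.0.0.9' above '5.0.0.14'."""
    if not re.fullmatch(r"\d+(\.\d+)*", ver):
        raise ValueError(f"not a dotted numeric version: {ver!r}")
    return tuple(int(part) for part in ver.split("."))


def needs_update(ver: str) -> bool:
    """True when the device runs LAST_AFFECTED or an earlier version."""
    return parse_version(ver) <= parse_version(LAST_AFFECTED)


# Constructed inventory: "hostname,ftd_version" (hypothetical devices).
SAMPLE_INVENTORY = """\
ftd-edge-01,5.0.0.13
ftd-edge-02,5.0.0.14
ftd-dc-01,5.0.0.9
ftd-lab-01,5.1.0.2
"""


def triage_inventory(csv_text: str) -> List[Tuple[str, str, bool]]:
    """Return (host, version, needs_update) for each non-empty inventory line."""
    rows = []
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, ver = (field.strip() for field in line.split(",", 1))
        rows.append((host, ver, needs_update(ver)))
    return rows


if __name__ == "__main__":
    for host, ver, flagged in triage_inventory(SAMPLE_INVENTORY):
        status = f"upgrade to {FIRST_FIXED} or later" if flagged else "ok"
        print(f"{host:12} {ver:10} {status}")
```

Run it as a script to print one line per device; point `triage_inventory` at an export from your own inventory system (same "hostname,version" shape) to use it for real. A version that is not purely dotted-numeric raises `ValueError` rather than being silently treated as patched.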

Cisco Firewall Tips

Cisco firewalls, such as the Cisco Catalyst 6500 Series Switches and Cisco ASA firewalls, are a good way to prevent exploitation of these vulnerabilities.

Cisco has provided a remediation matrix for this vulnerability

Cisco has provided a remediation matrix for this vulnerability. It is important that you use Cisco’s recommendations to protect yourself from exploitation of these vulnerabilities.
