CVE-2022-20949

MEDIUM Year: 2022
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-399
View all →

Vulnerability Description

A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software.

Related Vulnerabilities

CVE-2019-12665

MEDIUM
CVSS:4.8(Medium)

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted...

CWE-3992019

CVE-2015-4942

MEDIUM
CVSS:5.3(Medium)

IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-201...

CWE-3992015

CVE-2016-1256

MEDIUM
CVSS:5.3(Medium)

Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 befor...

CWE-3992016

CVE-2016-1260

MEDIUM
CVSS:5.3(Medium)

Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consum...

CWE-3992016

CVE-2016-1299

MEDIUM
CVSS:5.3(Medium)

The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw8717...

CWE-3992016

CVE-2016-1353

MEDIUM
CVSS:5.3(Medium)

The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is ...

CWE-3992016