CVE-2022-20743

CVE Database · CVE-2022-20743

CVE-2022-20743

· MEDIUMModified

CVSS v3.1

6.5

EPSS

3.72%

Published

May 3, 2022

Modified

Nov 26, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-434CWE-434

Affected Products (4)

cisco · secure_firewall_management_center (up to 6.4.0.15)vulnerable

cisco · secure_firewall_management_center (up to 6.6.5.2)vulnerable

cisco · secure_firewall_management_center (up to 7.0.2)vulnerable

cisco · secure_firewall_management_center (up to 7.1.0.1)vulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs