Cisco Firepower Management Center Software Information Disclosure (cisco-sa-fmc-infdisc-guJWRwQu)

medium Nessus Plugin ID 161247

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvt35116

Plugin Details

Severity: Medium

ID: 161247

File Name: cisco-sa-fmc-infdisc-guJWRwQu.nasl

Version: 1.4

Type: local

Family: CISCO

Published: 5/17/2022

Updated: 11/14/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2022-20744

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:firepower_management_center

Required KB Items: Host/Cisco/firepower_mc/version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/27/2022

Vulnerability Publication Date: 4/27/2022

Reference Information

CVE: CVE-2022-20744

CWE: 807

CISCO-SA: cisco-sa-fmc-infdisc-guJWRwQu

IAVA: 2022-A-0184-S

CISCO-BUG-ID: CSCvt35116

Detections

Analytics