Remote Access Vulnerability in Cisco FirePOWER Software and Management Center
CVE-2022-20918

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Firepower Management Center; Cisco Firepower Services Software For Asa
Vendor: CVE Published:; 15 November 2022

Badges

👾 Exploit Exists

Summary

This vulnerability in Cisco FirePOWER Software and related products allows unauthenticated remote attackers to perform unauthorized SNMP GET requests due to the use of default credentials in SNMP version 1 and version 2. Attackers can exploit this flaw to retrieve sensitive information from affected devices if SNMP is configured. It's important to note that this vulnerability does not allow write access, but it poses significant risks for information disclosure.

Affected Version(s)

Cisco Firepower Management Center 7.0.0

Cisco Firepower Management Center 7.0.0.1

Cisco Firepower Management Center 7.0.1

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Nov 15, 2022
Vulnerability Reserved
Nov 2, 2021