Vulnerabilities > Cisco > Firepower Threat Defense > 6.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-15 | CVE-2022-20946 | Out-of-bounds Write vulnerability in Cisco Firepower Threat Defense A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. | 7.5 |
| 2022-11-15 | CVE-2022-20947 | Unspecified vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. | 7.5 |
| 2022-11-15 | CVE-2022-20949 | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. | 4.9 |
| 2022-08-10 | CVE-2022-20713 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. | 6.1 |
| 2022-05-03 | CVE-2022-20715 | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2022-05-03 | CVE-2022-20729 | XML Injection (aka Blind XPath Injection) vulnerability in Cisco Firepower Threat Defense A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. | 7.8 |
| 2022-05-03 | CVE-2022-20730 | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. | 7.5 |
| 2022-05-03 | CVE-2022-20742 | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. | 7.4 |
| 2022-05-03 | CVE-2022-20745 | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2022-05-03 | CVE-2022-20746 | NULL Pointer Dereference vulnerability in Cisco Firepower Threat Defense A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. | 7.5 |