【概要】
■脆弱性情報
日 |
CVE番号 |
NVD |
Vender |
CVSS v3 |
CWE |
脆弱性 |
備考 |
---|---|---|---|---|---|---|---|
2022/08/10 | CVE-2022-20715 | NVD | Vender | 7.5(NVD) 8.6(Cisco) |
CWE-20 CWE-399 |
不適切な入力確認 リソース管理の問題 |
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability |
2022/08/10 | CVE-2022-20866 | NVD | Vender | 7.5(NVD) 7.4(Cisco) |
CWE-203 | 観測可能な不一致 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability |
2022/08/10 | CVE-2022-20829 | NVD | Vender | 7.2(NVD) 9.1(Cisco) |
CWE-345 | データの信頼性についての不十分な検証 | Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability |
2022/08/10 | CVE-2022-20713 | NVD | Vender | 6.1(NVD) 4.3(Cisco) |
CWE-444 | HTTP リクエストスマグリング | Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling Vulnerability |
2022/08/10 | CVE-2021-1585 | NVD | Vender | 8.1(NVD) 7.5(Cisco) |
CWE-94 | コード・インジェクション | Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability |
■Exploit Code情報
【ニュース】
◆シスコ製品に重要な脆弱性、アップデートを (マイナビニュース, 2022/08/12 14:37)
https://news.mynavi.jp/techplus/article/20220812-2423675/
【関連情報】
◆Cisco Releases Security Update for Multiple Products (CISA, 2022/08/11)
[シスコ、複数製品のセキュリティアップデートを公開]
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/11/cisco-releases-security-update-multiple-products
⇒ https://vul.hatenadiary.com/entry/2022/08/11/000000