Cyber Resilience

CVE-2022-20730

Medium

Published: 03 May 2022

Published
03 May 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score 0.0029 52.6th percentile
Risk Priority 8 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-20730 is a medium-severity Improper Handling of Unexpected Data Type (CWE-241) vulnerability in Cisco Firepower Threat Defense. Its CVSS base score is 4.0 (Medium).

Operationally, ranked in the top 47.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. This vulnerability is due to incorrect feed update processing. An attacker could…

more

exploit this vulnerability by sending traffic through an affected device that should be blocked by the affected device. A successful exploit could allow the attacker to bypass device controls and successfully send traffic to devices that are expected to be protected by the affected device.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
firepower threat defense
≤ 6.4.0.15 · 6.5.0 — 6.6.5.2 · 6.7.0 — 7.0.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References