CVE-2022-20745

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Severity	HIGH
CVSS	8.6
CWE	CWE-20
KEV
Published	4 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco Secure Firewall Management Center (FMC)	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco RV Series Routers	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Nexus Dashboard	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Firepower Threat Defense Software	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Catalyst PON Series Switches	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Adaptive Security Appliance (ASA) Software	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco 3000 Series Routers	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Secure Firewall Threat Defense Virtual	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Secure Firewall Threat Defense (FTD) Software	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Secure Firewall 3100 Series	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Firepower 9000 Series	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Firepower 4100 Series	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Firepower 2100 Series	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Firepower 1000 Series	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco Adaptive Security Virtual Appliance (ASAv)	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco ASA 5500-X Series Firewalls	cisco-sa-asafdt-webvpn-dos-tzPSYern
Cisco 3000 Series Industrial Security Appliances (ISA)	cisco-sa-asafdt-webvpn-dos-tzPSYern