Vulnerability Details : CVE-2022-20729
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands. A successful exploit could allow the attacker to inject XML into the command parser, which could result in unexpected processing of the command and unexpected command output.
Exploit prediction scoring system (EPSS) score for CVE-2022-20729
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-20729
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
[email protected] |
|
4.4
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
1.8
|
2.5
|
[email protected] |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
[email protected] |
CWE ids for CVE-2022-20729
-
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.Assigned by:
- [email protected] (Primary)
- [email protected] (Secondary)
References for CVE-2022-20729
Products affected by CVE-2022-20729
- cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*