Cisco Security Advisory - Cisco Firepower Threat Defense Software Local Malware Analysis Denial of Service Vulnerability

Started by Netwörkheäd, May 01, 2022, 12:17:07 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Netwörkheäd

May 01, 2022, 12:17:07 AM
Cisco Firepower Threat Defense Software Local Malware Analysis Denial of Service Vulnerability

<p>A vulnerability in the local malware analysis process of Cisco&nbsp;Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.</p>
<p>This vulnerability is due to insufficient error handling in the local malware analysis process of an affected device. An attacker could exploit this vulnerability by sending a crafted file through the device. A successful exploit could allow the attacker to cause the local malware analysis process to crash, which could result in a DoS condition.&nbsp;&nbsp;</p>
<p><strong>Notes</strong>:</p>
<ol>
<li>Manual intervention may be required to recover from this situation.</li>
<li>Malware cloud lookup and dynamic analysis will not be impacted.</li>
</ol>
<p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-amp-local-dos-CUfwRJXT" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-amp-local-dos-CUfwRJXT</a></p>

<p>This advisory is part of the April 2022 release of the Cisco&nbsp;ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see <a href="https://tvce.cisco.com/security/aims/PublicationPreview.aspx?ID=74836&amp;Version=1&amp;Revision=26">Cisco&nbsp;Event Response: April 2022 Cisco&nbsp;ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>


     
         
Security Impact Rating:  Medium
   
   
       
CVE: CVE-2022-20748
Source: Cisco Firepower Threat Defense Software Local Malware Analysis Denial of Service Vulnerability
Let's not argue. Let's network!
Print
Go Up Pages1
User actions