9VSA22-00744-01 CSIRT shares vulnerabilities reported by Cisco

Summary

The Government CSIRT (Computer Security Incident Response Team) shares information provided by Cisco about vulnerabilities in several of its products.

Vulnerabilities

CVE-2022-20947

CVE-2022-20946

CVE-2022-20924

CVE-2022-20927

CVE-2022-20745

CVE-2022-20854

CVE-2022-20918

CVE-2022-20826

CVE-2022-20949

CVE-2022-20925

CVE-2022-20926

CVE-2022-20934

CVE-2022-20928

CVE-2022-20950

CVE-2022-20922

CVE-2022-20943

CVE-2022-20941

CVE-2022-20940

CVE-2022-20831

CVE-2022-20832

CVE-2022-20833

CVE-2022-20834

CVE-2022-20835

CVE-2022-20836

CVE-2022-20838

CVE-2022-20839

CVE-2022-20840

CVE-2022-20843

CVE-2022-20872

CVE-2022-20905

CVE-2022-20932

CVE-2022-20935

CVE-2022-20936

CVE-2022-20713

CVE-2022-20938

Impact

Highest-risk vulnerabilities

CVE-2022-20927: A flaw in the Dynamic Access Policies (DAP) feature of ASA and FTD software allows an unauthenticated remote attacker to cause a denial-of-service (DoS) condition.

CVE-2022-20946: Denial-of-service (DoS) vulnerability in the GRE tunnel decapsulation feature of FTD.

Affected products

Cisco Firepower Threat Defense Software

Cisco Firepower Management Center Software

Cisco Firepower Software for ASA Firepower Module

Cisco Adaptive Security Appliance Software

Cisco NGIPS Software

Cisco Secure Firewall 3100 Series

Mitigation

Install the corresponding updates provided by the vendor.

Links

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74838

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20947

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20946

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20924

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20927

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20745

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20854

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20918

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20826

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20949

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20925

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20926

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20934

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20928

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20950

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20922

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20943

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20941

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20940

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20831

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20832

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20833

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20834

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20835

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20836

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20838

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20839

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20840

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20843

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20872

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20905

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20932

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20932

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20936

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20713

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20938

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA22-00744-01.
