Cisco Adaptive Security Appliance和Firepower Threat Defense拒绝服务漏洞(CNVD-2022-44686)
Cisco Firepower Threat Defense和Cisco Adaptive Security Appliances Software都是美国思科(Cisco)公司的产品。Cisco Firepower Threat Defense是一套提供下一代防火墙服务的统一软件。Cisco Adaptive Security Appliances Software是一套防火墙和网络安全平台。该平台提供了对数据和网络资源的高度安全的访问等功能。
一、漏洞分析
公开日期:2022-06-13
漏洞编号:CNVD-2022-44686/CVE-2022-20715
危害等级:高危
漏洞描述:Cisco Adaptive Security Appliance和Firepower Threat Defense存在拒绝服务漏洞,未经身份验证的远程攻击者可利用该漏洞导致受影响的设备重新启动,从而导致DoS 条件。
二、漏洞影响产品
Cisco Firepower Threat Defense 6.7.0
Cisco Firepower Threat Defense 7.0.0
Cisco Firepower Threat Defense 7.1.0
Cisco Adaptive Security Appliance <=9.7
Cisco Adaptive Security Appliance 9.8
Cisco Adaptive Security Appliance 9.9
Cisco Adaptive Security Appliance 9.10
Cisco Adaptive Security Appliance 9.12
Cisco Adaptive Security Appliance 9.13
Cisco Adaptive Security Appliance 9.14
Cisco Adaptive Security Appliance 9.15
Cisco Adaptive Security Appliance 9.16
Cisco Adaptive Security Appliance 9.17
Cisco Firepower Threat Defense <=6.2.2
Cisco Firepower Threat Defense 6.3.0
Cisco Firepower Threat Defense 6.4.0
Cisco Firepower Threat Defense 6.5.0
Cisco Firepower Threat Defense 6.6.0
Cisco Firepower Threat Defense 6.2.3
三、漏洞处置建议
厂商已发布了漏洞修复程序,请及时关注更新:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA
