CVE-2022-20918 (CNNVD-202211-2504)
中文标题:
Cisco Firepower Management Center 授权问题漏洞
英文标题:
A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER...
漏洞描述
中文描述:
Cisco Firepower Management Center(FMC)是美国思科(Cisco)公司的新一代防火墙管理中心软件。 Cisco FirePOWER Software、Cisco Firepower Management Center(FMC) Software和Cisco Next-Generation Intrusion Prevention System(NGIPS) Software存在授权问题漏洞,该漏洞源于SNMPv1和SNMPv2存在默认凭证,攻击者可以通过向受影响设备发送SNMPv1或SNMPv2 GET请求来利用这一漏洞,可能允许未经认证的远程攻击者使用默认凭证执行SNMP GET请求从设备中获取敏感信息。
英文描述:
A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Firepower Management Center | 7.0.0 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.0.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.0.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.1.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.1.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.2 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.2:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.2.1 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.2.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.3 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.3:*:*:*:*:*:*:*
|
| Cisco | Cisco Firepower Management Center | 7.0.4 | - | - |
cpe:2.3:a:cisco:cisco_firepower_management_center:7.0.4:*:*:*:*:*:*:*
|
| Cisco | Cisco FirePOWER Services Software for ASA | N/A | - | - |
cpe:2.3:a:cisco:cisco_firepower_services_software_for_asa:n_a:*:*:*:*:*:*:*
|
| cisco | firepower_services_software_for_asa | - | - | - |
cpe:2.3:a:cisco:firepower_services_software_for_asa:-:*:*:*:*:*:*:*
|
| cisco | secure_firewall_management_center | * | - | - |
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2022-20918 |
2025-11-11 15:21:16 | 2025-11-11 07:37:15 |
| NVD | nvd_CVE-2022-20918 |
2025-11-11 14:58:28 | 2025-11-11 07:45:32 |
| CNNVD | cnnvd_CNNVD-202211-2504 |
2025-11-11 15:11:03 | 2025-11-11 07:57:38 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-202211-2504
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 9 -> 11
- data_sources: ['cve'] -> ['cve', 'nvd']