CVE-2022-20745

HIGH

Cisco ASA & FTD Unauthenticated DoS via HTTPS Request Parsing

Title source: llm

Description

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern

Scores

CVSS v3 8.6

EPSS 0.0037

EPSS Percentile 59.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (3)

cisco/adaptive_security_appliance_software < 9.12.4.38

cisco/firepower_threat_defense 7.1.0

cisco/firepower_threat_defense < 6.4.0.15

Published May 03, 2022

Tracked Since Feb 18, 2026