{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-20938", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743", "dateReserved": "2021-11-02T13:28:29.193Z", "datePublished": "2022-11-10T17:42:50.289Z", "dateUpdated": "2024-10-25T16:04:24.395Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:17.407Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information.\r\n\r This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed."}], "affected": [{"vendor": "Cisco", "product": "Cisco Firepower Management Center", "versions": [{"version": "6.2.3", "status": "affected"}, {"version": "6.2.3.1", "status": "affected"}, {"version": "6.2.3.2", "status": "affected"}, {"version": "6.2.3.3", "status": "affected"}, {"version": "6.2.3.4", "status": "affected"}, {"version": "6.2.3.5", "status": "affected"}, {"version": "6.2.3.6", "status": "affected"}, {"version": "6.2.3.7", "status": "affected"}, {"version": "6.2.3.9", "status": "affected"}, {"version": "6.2.3.10", "status": "affected"}, {"version": "6.2.3.11", "status": "affected"}, {"version": "6.2.3.12", "status": "affected"}, {"version": "6.2.3.13", "status": "affected"}, {"version": "6.2.3.14", "status": "affected"}, {"version": "6.2.3.15", "status": "affected"}, {"version": "6.2.3.8", "status": "affected"}, {"version": "6.2.3.16", "status": "affected"}, {"version": "6.2.3.17", "status": "affected"}, {"version": "6.2.3.18", "status": "affected"}, {"version": "6.4.0", "status": "affected"}, {"version": "6.4.0.1", "status": "affected"}, {"version": "6.4.0.3", "status": "affected"}, {"version": "6.4.0.2", "status": "affected"}, {"version": "6.4.0.4", "status": "affected"}, {"version": "6.4.0.5", "status": "affected"}, {"version": "6.4.0.6", "status": "affected"}, {"version": "6.4.0.7", "status": "affected"}, {"version": "6.4.0.8", "status": "affected"}, {"version": "6.4.0.9", "status": "affected"}, {"version": "6.4.0.10", "status": "affected"}, {"version": "6.4.0.11", "status": "affected"}, {"version": "6.4.0.12", "status": "affected"}, {"version": "6.4.0.13", "status": "affected"}, {"version": "6.4.0.14", "status": "affected"}, {"version": "6.4.0.15", "status": "affected"}, {"version": "6.6.0", "status": "affected"}, {"version": "6.6.0.1", "status": "affected"}, {"version": "6.6.1", "status": "affected"}, {"version": "6.6.3", "status": "affected"}, {"version": "6.6.4", "status": "affected"}, {"version": "6.6.5", "status": "affected"}, {"version": "6.6.5.1", "status": "affected"}, {"version": "6.6.5.2", "status": "affected"}, {"version": "6.7.0", "status": "affected"}, {"version": "6.7.0.1", "status": "affected"}, {"version": "6.7.0.2", "status": "affected"}, {"version": "6.7.0.3", "status": "affected"}, {"version": "7.0.0", "status": "affected"}, {"version": "7.0.0.1", "status": "affected"}, {"version": "7.0.1", "status": "affected"}, {"version": "7.0.1.1", "status": "affected"}, {"version": "7.0.2", "status": "affected"}, {"version": "7.0.2.1", "status": "affected"}, {"version": "7.0.3", "status": "affected"}, {"version": "7.0.4", "status": "affected"}, {"version": "7.1.0", "status": "affected"}, {"version": "7.1.0.1", "status": "affected"}, {"version": "7.1.0.2", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Restriction of XML External Entity Reference", "type": "cwe", "cweId": "CWE-611"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd", "name": "cisco-sa-fmc-xxe-MzPC4bYd"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-fmc-xxe-MzPC4bYd", "discovery": "INTERNAL", "defects": ["CSCwb53694"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:31:58.641Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd", "name": "cisco-sa-fmc-xxe-MzPC4bYd", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-25T14:36:46.014519Z", "id": "CVE-2022-20938", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T16:04:24.395Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd", "name": "cisco-sa-fmc-xxe-MzPC4bYd", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:31:58.641Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-20938", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-25T14:36:46.014519Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:41:23.055Z"}}], "cna": {"source": {"defects": ["CSCwb53694"], "advisory": "cisco-sa-fmc-xxe-MzPC4bYd", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Firepower Management Center", "versions": [{"status": "affected", "version": "6.2.3"}, {"status": "affected", "version": "6.2.3.1"}, {"status": "affected", "version": "6.2.3.2"}, {"status": "affected", "version": "6.2.3.3"}, {"status": "affected", "version": "6.2.3.4"}, {"status": "affected", "version": "6.2.3.5"}, {"status": "affected", "version": "6.2.3.6"}, {"status": "affected", "version": "6.2.3.7"}, {"status": "affected", "version": "6.2.3.9"}, {"status": "affected", "version": "6.2.3.10"}, {"status": "affected", "version": "6.2.3.11"}, {"status": "affected", "version": "6.2.3.12"}, {"status": "affected", "version": "6.2.3.13"}, {"status": "affected", "version": "6.2.3.14"}, {"status": "affected", "version": "6.2.3.15"}, {"status": "affected", "version": "6.2.3.8"}, {"status": "affected", "version": "6.2.3.16"}, {"status": "affected", "version": "6.2.3.17"}, {"status": "affected", "version": "6.2.3.18"}, {"status": "affected", "version": "6.4.0"}, {"status": "affected", "version": "6.4.0.1"}, {"status": "affected", "version": "6.4.0.3"}, {"status": "affected", "version": "6.4.0.2"}, {"status": "affected", "version": "6.4.0.4"}, {"status": "affected", "version": "6.4.0.5"}, {"status": "affected", "version": "6.4.0.6"}, {"status": "affected", "version": "6.4.0.7"}, {"status": "affected", "version": "6.4.0.8"}, {"status": "affected", "version": "6.4.0.9"}, {"status": "affected", "version": "6.4.0.10"}, {"status": "affected", "version": "6.4.0.11"}, {"status": "affected", "version": "6.4.0.12"}, {"status": "affected", "version": "6.4.0.13"}, {"status": "affected", "version": "6.4.0.14"}, {"status": "affected", "version": "6.4.0.15"}, {"status": "affected", "version": "6.6.0"}, {"status": "affected", "version": "6.6.0.1"}, {"status": "affected", "version": "6.6.1"}, {"status": "affected", "version": "6.6.3"}, {"status": "affected", "version": "6.6.4"}, {"status": "affected", "version": "6.6.5"}, {"status": "affected", "version": "6.6.5.1"}, {"status": "affected", "version": "6.6.5.2"}, {"status": "affected", "version": "6.7.0"}, {"status": "affected", "version": "6.7.0.1"}, {"status": "affected", "version": "6.7.0.2"}, {"status": "affected", "version": "6.7.0.3"}, {"status": "affected", "version": "7.0.0"}, {"status": "affected", "version": "7.0.0.1"}, {"status": "affected", "version": "7.0.1"}, {"status": "affected", "version": "7.0.1.1"}, {"status": "affected", "version": "7.0.2"}, {"status": "affected", "version": "7.0.2.1"}, {"status": "affected", "version": "7.0.3"}, {"status": "affected", "version": "7.0.4"}, {"status": "affected", "version": "7.1.0"}, {"status": "affected", "version": "7.1.0.1"}, {"status": "affected", "version": "7.1.0.2"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd", "name": "cisco-sa-fmc-xxe-MzPC4bYd"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information.\r\n\r This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-611", "description": "Improper Restriction of XML External Entity Reference"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:17.407Z"}}}, "cveMetadata": {"cveId": "CVE-2022-20938", "state": "PUBLISHED", "dateUpdated": "2024-10-25T16:04:24.395Z", "dateReserved": "2021-11-02T13:28:29.193Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2022-11-10T17:42:50.289Z", "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AC1B12A-A2EC-4C24-AEBC-944AE2939458", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A74489D5-5B4F-48A2-9384-3AF5A599B6D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AB6251C-F898-431C-B693-DF075B8808B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAB30570-97B9-4CE1-8175-CF234B9CEECE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "278DCC34-378E-4E55-9B26-C50282908676", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "43589A9B-96AE-48F7-A630-6FC29034D223", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "32EC0D9B-1249-4768-8CC2-A4DAE61B37CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2391B499-3FF7-4E5D-870F-946154AB2548", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9641FE9B-BC9F-472F-B53B-F4287EE2F17A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EE23BDD-AFC1-41F6-AD26-CE89636A7DCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D78A8A76-4FEA-4376-B619-6A017BEAB905", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4F1DE13A-5966-4F75-B190-1ADAEE98FC50", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8B9976A7-1D53-4B69-9DA6-AD9733A474A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BD5D29D6-90C7-4E90-979F-34CFC21875A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB32F943-C8EC-4B10-89E1-B72245CC8E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1895BC03-A0B4-4AE8-8EB5-DAFC913E4B2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "99479490-9BB9-40BD-B4FB-A23D81E48631", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "60C9F471-F335-43EE-8FCB-52CADC777A55", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D7F48599-FAD1-4BEC-9EB1-AA5717FB09EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFBA1BCF-4595-4CCA-9222-CC24302207E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5F347DF9-11AC-4821-8569-FDF02028F0C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EB9381BB-77B5-4460-A46D-B905B0CFA06E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB01FA17-68F7-47E6-9D94-AC3C290F62AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "08F0F58D-C859-400F-88D4-38C84584BACF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "73D28E1C-B26F-4BD8-8F21-2AFA1E1B881D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4DF3D576-7922-4FB4-9C8B-2E31E29A4FEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE852669-316E-4710-A964-91B17CBA75FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D64651BA-33A1-4DD9-B23C-577543D45534", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "E44687A2-D460-4CD7-91E1-4535B4A71698", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "4C312686-8739-4B48-9476-3D65200B3216", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "059D7FFF-94B6-400A-A939-498BDBB18FED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "B4204464-BF24-4596-8AE2-4D98EC817234", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "DF0B67CC-FFEA-4A22-A79F-6DB1C826CECE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "13744A3B-7F48-49B1-8263-012456E27ACD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "0E0CC829-ED28-435B-9826-6CDB4BB2F0EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "1732AC85-09E3-43E2-B624-87E537EB6F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "85986C19-4819-4F02-9873-A42D4277D3A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "11BEDD8B-DB02-4E8D-B2BF-2B7BE190AF6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "B0E13E7F-BDA9-49DF-BA43-CB812BC0D384", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "47FDAAB6-EC1B-4759-8B8A-55748C39AFFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "E3C97C0B-509E-4AE2-9EDB-BDC0436E05A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "134CD651-CA72-47A0-8B48-A9C332C02013", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A28FE66-9A15-4C1B-B946-D4F26A60DEAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8C94C13E-DF81-4F7B-87FF-469090FD2133", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "15B0848B-3F39-4303-9B2F-6D25CD15FBF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2F337BD6-8532-4A3B-A495-EDAEB15926FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "97736B65-429A-4B5C-A340-A1BBE2B91E9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA61E6F5-FFFD-4D4E-9AA3-94F827A79F4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "80EC515D-6051-472A-92F4-ED4385FEDEC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7E83830-B9CA-425D-BFD3-7F8FD1114950", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "91F862F9-40FE-42E9-86B2-BD9350B118D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "857A0C11-1456-4F1A-A812-E93B829F13DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "93828989-2731-4DCE-9FBB-5ABB5A660A9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "83B99522-B80A-4998-971B-F3C45EB104F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F286FD7B-E588-4DCC-B41F-AD9E4A49B8ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3908BF04-0869-4F4D-9BC4-411F56AC8092", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "227799AC-75DF-4B3F-A7EF-063D8D8C2EC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "FB72A64E-7B19-4A96-809C-287E391DFA44", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "4630DEB7-BEE7-4247-9536-C35887A807C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "2E7BC07A-1C33-46FB-9ABF-C98A46BE6AD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B8077-2DD6-491F-9F0E-D977E7A4AB08", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD4CD3-FBF1-43BC-A14F-6375E4B784AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.4.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "5662EBCF-13F5-4CE6-8E3D-B23B73AF4633", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A995913-A8DB-4536-93BF-AAF82F0FCDB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0978063C-A157-4C32-AF5C-AC3731467EDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "24F13364-A0C1-464B-998B-2B0B40A7A64B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B0FE8B9-125A-4F7A-A205-3B38747BAE22", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3294BE65-8A2A-4243-847E-7AC1EB6035DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BFE14143-8DE7-4EEA-93F6-C05CFAB36895", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "30AE7CB7-86F5-4B80-9179-1C2DF4E8E7B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1931C431-3452-4FE1-870A-16700553BDAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "490C91AC-9437-43DA-99AF-0DF8A0E5EEB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "22913221-9B69-451A-8442-C65091DFAFD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "1488A64D-E0ED-4E88-92E9-D8E38A2CB080", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9FF58049-7F1B-425B-A2A7-5974080625F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DA72515-66E1-4811-ADDA-B2F9B6A4B737", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.6.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "606C631F-5A30-4A07-A761-29B31D09C66A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "853866E2-1BCC-4A81-907A-ABA8648D8C57", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B0B5925-0336-4F56-9D9A-777687DF3B22", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F406CDA3-08B9-4C13-B6F5-C83978239623", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "108BFA85-BB6B-420A-911D-B2731CB05289", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0FEE4092-0EAD-48DA-92EB-82DD4EB43E49", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B8DF2E2-848A-4616-AEF0-1EFE68A900C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "387E34BD-913B-4CB7-9230-81B283E92A9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FFE8B3DC-9865-4845-B989-FB41D6FE085E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC98B2C9-2F78-4DB5-97D7-78D584CEBE87", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "44CEED06-6E18-4961-BD69-8BF3E7A6D59C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D815D562-D60A-4AD1-9243-8167B244882E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA91AC4A-77D5-4C41-BD63-4E8F3BA4FF84", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "21D28D33-2B3C-4695-9137-7C4AC6BA2D7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DCA8FE8-D0BC-4B6C-8E15-0DC5D0EF515F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "62213974-B025-4A76-87CD-025C84389A2B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information.\r\n\r This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed."}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n de importaci\u00f3n de m\u00f3dulos de la interfaz administrativa del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado vea informaci\u00f3n confidencial. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la sintaxis XML al importar un m\u00f3dulo. Un atacante podr\u00eda aprovechar esta vulnerabilidad proporcionando un archivo XML especialmente manipulado para la funci\u00f3n. Un exploit exitoso podr\u00eda permitir al atacante leer datos confidenciales que normalmente no ser\u00edan revelados."}], "id": "CVE-2022-20938", "lastModified": "2024-01-25T17:15:20.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2022-11-15T21:15:34.430", "references": [{"source": "ykramarz@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-611"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}