Small Space of Random Values

CVE-2022-20941

Medium

5.3/10

Summary

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-334 - Small Space of Random Values

The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

References

Advisory Timeline

Published Nov 15, 2022

Small Space of Random Values

CVE-2022-20941

Summary

CWE-334 - Small Space of Random Values

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS