CVE-2022-20943
CVE-2022-20943 is a medium-severity vulnerability in Cisco Firepower Threat Defense with a CVSS 3.x base score of 5.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-244.
Key facts
- Severity: Medium (CVSS 3.x base score 5.8)
- EPSS exploit prediction: 1% (55th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-244
- Affected product: Cisco Firepower Threat Defense
- Published:
- Last modified:
Description
Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.
Frequently asked questions
- What is CVE-2022-20943?
- Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.
- How severe is CVE-2022-20943?
- CVE-2022-20943 has a CVSS 3.x base score of 5.8, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability low.
- Is CVE-2022-20943 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (55th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-20943?
- CVE-2022-20943 primarily affects Cisco Firepower Threat Defense. In total, 25 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2022-20943?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-20943 published?
- CVE-2022-20943 was published on 2022-11-15 and last updated on 2026-06-17.
References
Affected products (25)
- cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:7.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:meraki_mx_security_appliance_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Cisco Firepower Threat Defense
- CVE-2021-44228 — Critical (CVSS 10.0): Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in…
- CVE-2018-0101 — Critical (CVSS 10.0): A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA)…
- CVE-2025-20333 — Critical (CVSS 9.9): A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco…
- CVE-2024-20412 — Critical (CVSS 9.3): A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series…
- CVE-2020-3187 — Critical (CVSS 9.1): A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower…
- CVE-2025-20363 — Critical (CVSS 9.0): A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure…
All CVEs affecting Cisco Firepower Threat Defense →
Other CWE-244 vulnerabilities
- CVE-2026-20039 — High (CVSS 8.6): A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco…
- CVE-2025-26305 — High (CVSS 8.2): A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows…
- CVE-2025-26304 — High (CVSS 8.2): A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8.
- CVE-2025-70873 — High (CVSS 7.5): An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier…
- CVE-2025-36118 — High (CVSS 7.5): IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive…
- CVE-2025-5105 — High (CVSS 7.3): A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some…