How severe is CVE-2022-20742?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2022-20742?

This is classified as CWE-325, which is a common weakness in software security.

CVE-2022-20742

HIGH Year: 2022

CVSS v3 Score

7.4

High

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-325

View all →

Vulnerability Description

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel.

CVE-2021-22946

HIGH

CVSS:7.5(High)

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESS...

CWE-3252021

CVE-2022-1279

HIGH

CVSS:7.5(High)

A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This ...

CWE-3252022

CVE-2023-40012

HIGH

CVSS:7.5(High)

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates...

CWE-3252023

CVE-2022-29229

HIGH

CVSS:7.2(High)

CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cr...

CWE-3252022

CVE-2018-5383

MEDIUM

CVSS:6.8(Medium)

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently ...

CWE-3252018

CVE-2020-26244

MEDIUM

CVSS:6.8(Medium)

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issu...

CWE-3252020

CVE-2022-20742

Vulnerability Description

Related Vulnerabilities

CVE-2021-22946

CVE-2022-1279

CVE-2023-40012

CVE-2022-29229

CVE-2018-5383

CVE-2020-26244