Cisco Firepower Threat Defence Software Generic Routing Encapsulation Denial of Service Vulnerability [CVE-2022-20946]
CVE number – CVE-2022-20946
A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition.
Vulnerable Products
This vulnerability affects Cisco FTD Software releases 6.3.0 and later.
Note: GRE tunnel decapsulation in the LINA engine was introduced in Cisco FTD Software Release 6.3.0. This feature is enabled by default and cannot be disabled.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Workarounds
- There are no workarounds that address this vulnerability. However, administrators may choose to bypass decapsulation for GRE-tunneled flows by following these steps from the Cisco FMC GUI:
- Click Policies and choose Prefilter under Access Control.Click Edit under the Prefilter Policy that is associated with the access policy assigned to the device.Change the GRE tunnel rule type action to Fastpath.Click Save.Click Deploy.
Fixed Software
- Cisco has released free software updates that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM
![Cisco Firepower Threat Defence Software Generic Routing Encapsulation Denial of Service Vulnerability [CVE-2022-20946]](https://i0.wp.com/www.systemtek.co.uk/wp-content/uploads/2022/01/blank-profile-hi.png?resize=100%2C100)
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.