PT-2022-5702 · Cisco · Cisco Firepower Management Center

Albert Sanchez · Published 2022-11-09 · Updated 2024-11-26 · CVE-2022-20941

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Firepower Management Center (FMC) Software (affected versions not specified)

Description

The issue is related to insufficient entropy in resource names and missing authorization for certain resources in the web-based management interface. This could allow a remote attacker to gain unauthorized access to sensitive information by sending specially crafted HTTPS requests. The attacker could exploit this by enumerating resources on the device, potentially leading to the retrieval of sensitive information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authorization
Use of Insufficiently Random Values

Related Identifiers

BDU:2022-07099
CVE-2022-20941

Affected Products

Cisco Firepower Management Center