
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability (CVE-2022-20946) was discovered in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software. The vulnerability affects FTD Software releases 6.3.0 and later, where GRE tunnel decapsulation in the LINA engine was first introduced. This security flaw allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected devices (Cisco Advisory).
The vulnerability stems from a memory handling error that occurs during GRE traffic processing, specifically classified as a Heap-based Buffer Overflow (CWE-122) and Out-of-bounds Write (CWE-787). The vulnerability has received a CVSS v3.1 base score of 8.6 (High) from Cisco Systems, with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).
Successful exploitation of this vulnerability results in a denial of service (DoS) condition: the affected device can restart, interrupting service. The vulnerability affects multiple versions of Cisco Firepower Threat Defense Software, including versions 6.3.0 through 7.1.0.2 (Cisco Advisory).
While there are no direct workarounds for this vulnerability, administrators can bypass decapsulation for GRE-tunneled flows through the Cisco FMC GUI by changing the GRE tunnel rule type action to Fastpath. However, this configuration will bypass the detection engine for GRE-tunneled traffic. Cisco has released software updates that address this vulnerability, and customers with service contracts are advised to obtain security fixes through their usual update channels (Cisco Advisory).
Source: This report was generated using AI