Main Vulnerability Database SB2022042123

SB2022042123 - Protection Mechanism Failure in Cisco Umbrella Secure Web Gateway

Published: April 21, 2022

Security Bulletin ID SB2022042123

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Protection Mechanism Failure (CVE-ID: CVE-2022-20805)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the automatic decryption process. A remote user on the local network can bypass the decryption process and download malicious content to a host on a protected network.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uswg-fdbps-xtTRKpp6