Input validation error in Cisco AsyncOS for Web Security Appliances - CVE-2022-20952
Published: October 6, 2022
Vulnerability identifier: #VU67952
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-20952
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco AsyncOS for Web Security Appliances
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the scanning engines. A remote attacker can bypass an explicit block rule and receive traffic that should have been rejected by the device.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.