#VU68969 Incorrect authorization in Cisco AsyncOS for Cisco Email Security Appliance and Cisco AsyncOS for Web Security Appliances - CVE-2022-20942
Vulnerability identifier: #VU68969
Vulnerability risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-863
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco AsyncOS for Cisco Email Security Appliance
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Cisco AsyncOS for Web Security Appliances
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to weak enforcement of back-end authorization checks within the web-based management interface. A remote authenticated user can send a specially crafted HTTP request to the affected device and obtain confidential data that is stored on the affected device.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cisco AsyncOS for Cisco Email Security Appliance: before 14.2.1-015
Cisco AsyncOS for Web Security Appliances: before 12.0.5-011
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnt-sec-infodiscl-BVKKnUG
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc43104
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc43106
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc43102
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
