VDB
CVE-2022-20867
CVE-2022-20867
PUBLISHED
CVSS 5.400000095367432 MEDIUM
A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.
EPSS 0.13% · 31.7th percentile
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.13%
31.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Secure Email and Web Manager | 12.8.1-002, 14.1.0-227, 12.0.1-011 |
| Cisco | Cisco Secure Email | 14.0.0-698, 12.5.0-066, 14.2.0-620 |
| cisco | asyncos | 13.0, 12.0 |
Exploit Intelligence
Timeline
- Nov 3, 2022 CVE Published
- Nov 5, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Dec 29, 2022 EPSS Score
- Jan 30, 2023 EPSS Score
- Feb 22, 2023 EPSS Score
- Mar 15, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 9, 2023 EPSS Score
- Jul 22, 2023 EPSS Score
- Sep 3, 2023 EPSS Score
- Oct 16, 2023 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-vgNtTpAs advisory
- cisco-sa-esasmawsa-vulns-YRuSW5mD url
- https://nvd.nist.gov/vuln/detail/CVE-2022-20867 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD url