VDB
CVE-2022-20942
CVE-2022-20942
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device.
EPSS 0.27% · 50.8th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.27%
50.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Secure Email | 12.1.0-087, 12.1.0-071, 12.0.0-419 |
| Cisco | Cisco Secure Web Appliance | 11.8.1-023, 11.8.3-018, 11.8.3-021 |
| cisco | asyncos | 0, 14.3.0, 0 |
| Cisco | Cisco Secure Email and Web Manager | 12.8.1-002, 12.5.0-670, 13.8.1-068 |
Exploit Intelligence
Timeline
- Nov 3, 2022 CVE Published
- Nov 5, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Jan 30, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 15, 2023 EPSS Score
- Jun 9, 2023 EPSS Score
- Jul 22, 2023 EPSS Score
- Sep 3, 2023 EPSS Score
- Oct 16, 2023 EPSS Score
- Nov 29, 2023 EPSS Score
- Jan 11, 2024 EPSS Score