Lucene search

CiscoCVELIST:CVE-2022-20738

HistoryFeb 03, 2022 - 12:00 a.m.

CVE-2022-20738 Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability

2022-02-0300:00:00

CWE-693

cisco

www.cve.org

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload.

CNA Affected

[
  {
    "product": "Cisco Umbrella Insights Virtual Appliance ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swg-fbyps-3z4qT7p

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVELIST:CVE-2022-20738