Lucene search

[email protected]NVD:CVE-2022-2310

HistoryJul 27, 2022 - 10:15 a.m.

CVE-2022-2310

2022-07-2710:15:08

CWE-290

[email protected]

web.nvd.nist.gov

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.3%

JSON

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG.

Affected configurations

NVD

Node

skyhighsecuritysecure_web_gatewayRange8.0.0–8.2.28

skyhighsecuritysecure_web_gatewayRange9.0.0–9.2.23

skyhighsecuritysecure_web_gatewayRange10.0.0–10.2.12

skyhighsecuritysecure_web_gatewayRange11.0.0–11.2.1

References

kcm.trellix.com/corporate/index?page=content&id=SB10384&actp=null&viewlocale=en_US&showDraft=false&platinum_status=false&locale=en_US

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for NVD:CVE-2022-2310

cve1 prion1 cvelist1