CVE-2022-20675Uncaught Exception in Cisco Asyncos

CWE-248Uncaught Exception4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
1.3%
top 20.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco AsyncosCisco WEB Security Appliance
Timeline
PublishedApr 6
Latest updateApr 7

Description

A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP) service, resulting in a denial of service (DoS) condition. This vulnerability is due to an open port listener on TCP port 199. An attacker could exploit this vulnerability by connecting to TCP port 199. A

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/asyncos14.014.02.0-020+2

🔴Vulnerability Details

2
GHSA
GHSA-hw6v-rjm4-5m34: A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manage2022-04-07
CVEList
Multiple Cisco Security Products Simple Network Management Protocol Service Denial of Service Vulnerability2022-04-06

📋Vendor Advisories

1
Cisco
Multiple Cisco Security Products Simple Network Management Protocol Service Denial of Service Vulnerability2022-04-06
CVE-2022-20675 — Uncaught Exception in Cisco Asyncos | cvebase