CVE-2022-20738
Published: 2022-02-10
Priority: P2 58 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.09% (61.1th percentile)
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_umbrella_insights_virtual_appliance | — | — |
| cisco | umbrella_secure_web_gateway_file_inspection | — | — |
Detection & IOCs
- No workarounds are available for this vulnerability; the only mitigation is vendor-supplied patching of the Cisco Umbrella Secure Web Gateway service.
- The bypass is achieved via specific download methods using a crafted payload, meaning standard file inspection controls in Cisco Umbrella SWG cannot be relied upon as a compensating control until patched.
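CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 5.8 | MEDIUM | — |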
Cisco
Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability
vendor_cisco·2022-02-02·CVSS 5.8
CVE-2022-20738 [MEDIUM] CWE-693 Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature.
This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload.
There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swg-fbyps-3z4qT7p
Cisco
Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability
vendor_cisco·CVSS 3.1
CVE-2022-20738: Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload. There are no
CVSS: 3.1
CWE: CWE-693
Bug IDs: CSCwa01047
GHSA
GHSA-qm4x-x5rj-qf54: A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature
ghsa_unreviewed·2022-02-11
CVE-2022-20738 [CRITICAL] GHSA-qm4x-x5rj-qf54: A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.