cbcvebase.
CVE-2022-20738
published 2022-02-10

CVE-2022-20738: A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This…

PriorityP258critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.09%
61.1th percentile
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscocisco_umbrella_insights_virtual_appliance
ciscoumbrella_secure_web_gateway_file_inspection

Detection & IOCsextracted from sources · hover to see the quote

  • ·No workarounds are available for this vulnerability; the only mitigation is vendor-supplied patching of the Cisco Umbrella Secure Web Gateway service.
  • ·The bypass is achieved via specific download methods using a crafted payload, meaning standard file inspection controls in Cisco Umbrella SWG cannot be relied upon as a compensating control until patched.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco5.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.