CVE-2022-20738Protection Mechanism Failure in Cisco Umbrella Insights Virtual Appliance

CWE-693Protection Mechanism Failure4 documents4 sources
Severity
9.8CRITICALNVD
CNA5.8
EPSS
1.3%
top 20.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Umbrella Insights Virtual Appliance
Timeline
PublishedFeb 10
Latest updateFeb 11

Description

A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-qm4x-x5rj-qf54: A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature2022-02-11
CVEList
Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability2022-02-10

📋Vendor Advisories

1
Cisco
Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability2022-02-02
CVE-2022-20738 — Protection Mechanism Failure in Cisco | cvebase