CVE-2022-20784

CWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.5%
top 32.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco WEB Security ApplianceCisco Cisco WEB Security Appliance (wsa)
Timeline
PublishedApr 6
Latest updateApr 7

Description

A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/web_security_appliance11.7.014.0.2

🔴Vulnerability Details

2
GHSA
GHSA-vv88-544v-pvq3: A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauth2022-04-07
CVEList
Cisco Web Security Appliance Filter Bypass Vulnerability2022-04-06

📋Vendor Advisories

1
Cisco
Cisco Web Security Appliance Filter Bypass Vulnerability2022-04-06
CVE-2022-20784 (MEDIUM CVSS 5.3) | A vulnerability in the Web-Based Re | cvebase.io