CVE-2022-20798

Severity
9.8 CRITICAL
EPSS
1.3%
top 20.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 15
Latest update: Jun 16

Description

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authenticati

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 3 packages

🔴 Vulnerability Details

2
GHSA
GHSA-c457-6cm5-j5m6: A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Applia… (2022-06-16)
CVEList
Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability (2022-06-15)

📋 Vendor Advisories

1
Cisco
Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability (2022-06-15)