CVE-2022-20871

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 57.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Secure WEB ApplianceCisco Asyncos
Timeline
PublishedNov 15

Description

A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful ex

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5cisco/cisco_secure_web_appliance11 versions+10
NVDcisco/asyncos11 versions+10

🔴Vulnerability Details

2
CVEList
Cisco Secure Web Appliance Privilege Escalation Vulnerability2024-11-15
GHSA
GHSA-rw66-6rgj-mwjh: A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could al2024-11-15

📋Vendor Advisories

1
Cisco
Cisco Secure Web Appliance Privilege Escalation Vulnerability2022-08-17
CVE-2022-20871 (HIGH CVSS 8.8) | A vulnerability in the web manageme | cvebase.io