CVE-2022-20867 - OpenCVE

A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Secure Email Gateway Asyncos Secure Email And Web Manager

Configuration 1 [-]

AND

cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:secure_email_gateway:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:secure_email_and_web_manager:-:*:*:*:*:*:*:*

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2022-11-03T19:28:53.428Z

Updated: 2024-01-25T16:57:11.549Z

Reserved: 2021-11-02T13:28:29.182Z

Link: CVE-2022-20867

JSON object: View

NVD Information

Status : Modified

Published: 2022-11-04T18:15:10.923

Modified: 2024-01-25T17:15:17.783

Link: CVE-2022-20867

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-20867", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743", "dateReserved": "2021-11-02T13:28:29.182Z", "dateUpdated": "2024-01-25T16:57:11.549Z", "datePublished": "2022-11-03T19:28:53.428Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:11.549Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. \r\n\r This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.\r\n"}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Email", "versions": [{"version": "13.0.0-392", "status": "affected"}, {"version": "13.5.1-277", "status": "affected"}, {"version": "12.5.0-066", "status": "affected"}, {"version": "14.0.0-698", "status": "affected"}, {"version": "14.2.0-620", "status": "affected"}]}, {"vendor": "Cisco", "product": "Cisco Secure Email and Web Manager", "versions": [{"version": "12.0.1-011", "status": "affected"}, {"version": "12.5.0-636", "status": "affected"}, {"version": "12.5.0-658", "status": "affected"}, {"version": "12.5.0-678", "status": "affected"}, {"version": "12.5.0-670", "status": "affected"}, {"version": "13.0.0-277", "status": "affected"}, {"version": "13.6.2-078", "status": "affected"}, {"version": "13.8.1-068", "status": "affected"}, {"version": "13.8.1-074", "status": "affected"}, {"version": "12.8.1-002", "status": "affected"}, {"version": "14.0.0-404", "status": "affected"}, {"version": "14.1.0-223", "status": "affected"}, {"version": "14.1.0-227", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "cwe", "cweId": "CWE-89"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD", "name": "cisco-sa-esasmawsa-vulns-YRuSW5mD"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-esasmawsa-vulns-YRuSW5mD", "discovery": "EXTERNAL", "defects": ["CSCwc12185", "CSCwc12186"]}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A74DE82-C879-48E3-8E74-F03D18B8ECF4", "versionEndExcluding": "14.2.1", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:secure_email_gateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEFF3E86-0ED8-40CA-BD69-9FD67F32A31A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EACCC821-A995-43A9-9BA2-8A335A55FC99", "versionEndExcluding": "14.2.0", "versionStartIncluding": "12.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB4207E0-A5C1-4945-B996-722933148C37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. \r\n\r This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.\r\n"}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Email Security Appliance y Cisco Secure Email and Web Manager podr\u00eda permitir que un atacante remoto autenticado realice ataques de inyecci\u00f3n SQL como root en un sistema afectado. El atacante debe tener las credenciales de una cuenta de usuario con altos privilegios. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los par\u00e1metros enviados por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad autentic\u00e1ndose en la aplicaci\u00f3n y enviando solicitudes maliciosas a un sistema afectado. Un exploit exitoso podr\u00eda permitir al atacante obtener datos o modificar datos almacenados en la base de datos subyacente del sistema afectado."}], "id": "CVE-2022-20867", "lastModified": "2024-01-25T17:15:17.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2022-11-04T18:15:10.923", "references": [{"source": "ykramarz@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}