CVE-2022-20952 - OpenCVE

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this vulnerability by connecting through an affected device to a malicious server and receiving malformed HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	S395 S695 Asyncos S195

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:asyncos::::::::
	cpe:2.3:o:cisco:asyncos:14.5.0:::::::*

OR	cpe:2.3:h:cisco:s195:-:::::::*
	cpe:2.3:h:cisco:s395:-:::::::*
	cpe:2.3:h:cisco:s695:-:::::::*

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-bwBfugek	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2023-02-16T15:27:16.003Z

Updated: 2024-01-25T16:57:24.396Z

Reserved: 2021-11-02T13:28:29.194Z

Link: CVE-2022-20952

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-01T08:15:10.270

Modified: 2024-01-25T17:15:22.127

Link: CVE-2022-20952

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-20952", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2021-11-02T13:28:29.194Z", "datePublished": "2023-02-16T15:27:16.003Z", "dateUpdated": "2024-01-25T16:57:24.396Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:24.396Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked.\r\n\r This vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this vulnerability by connecting through an affected device to a malicious server and receiving malformed HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device."}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Web Appliance", "versions": [{"version": "11.8.0-414", "status": "affected"}, {"version": "11.8.1-023", "status": "affected"}, {"version": "11.8.3-018", "status": "affected"}, {"version": "11.8.3-021", "status": "affected"}, {"version": "12.0.1-268", "status": "affected"}, {"version": "12.0.3-007", "status": "affected"}, {"version": "12.5.2-007", "status": "affected"}, {"version": "12.5.1-011", "status": "affected"}, {"version": "12.5.4-005", "status": "affected"}, {"version": "12.5.5-004", "status": "affected"}, {"version": "14.5.0-498", "status": "affected"}, {"version": "14.0.3-014", "status": "affected"}, {"version": "14.0.2-012", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Input Validation", "type": "cwe", "cweId": "CWE-20"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-bwBfugek", "name": "cisco-sa-wsa-bypass-bwBfugek"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-wsa-bypass-bwBfugek", "discovery": "INTERNAL", "defects": ["CSCwc54898"]}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F123F722-4765-49AE-AFE7-C889F3658C57", "versionEndExcluding": "14.0.4", "versionStartIncluding": "11.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "23EC2FAD-D9BF-450F-989E-ED862E263F4E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:s195:-:*:*:*:*:*:*:*", "matchCriteriaId": "9797CD28-48A3-45BD-BF68-F0DF6F5A5579", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:s395:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6D20279-8176-449A-AF4C-E2C90F370B30", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:s695:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9408ADA-7A8F-4528-8236-65713CF642D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked.\r\n\r This vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this vulnerability by connecting through an affected device to a malicious server and receiving malformed HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device."}], "id": "CVE-2022-20952", "lastModified": "2024-01-25T17:15:22.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-03-01T08:15:10.270", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-bwBfugek"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}