CVE-2022-20772

4.7 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 4 November 2022

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack.

This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses.

Affected Version(s)

Cisco Secure Email 13.5.1-277

Cisco Secure Email 14.0.0-698

Cisco Secure Email 14.2.0-620

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
