CVE-2022-20867

5.4MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Secure Email
Cisco Secure Email And Web Manager
Vendor
CVE Published:
4 November 2022

Badges

๐Ÿ‘พ Exploit Exists

Summary

A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account.

This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.

Affected Version(s)

Cisco Secure Email 13.0.0-392

Cisco Secure Email 13.5.1-277

Cisco Secure Email 12.5.0-066

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.