CVE-2022-20867 - OpenCVE

A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Asyncos Secure Email And Web Manager Secure Email Gateway

Configuration 1 [-]

AND

cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:secure_email_gateway:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:secure_email_and_web_manager:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2022-11-03T19:28:53.428Z

Updated: 2024-08-03T02:24:50.251Z

Reserved: 2021-11-02T13:28:29.182Z

Link: CVE-2022-20867

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-04T18:15:10.923

Modified: 2024-01-25T17:15:17.783

Link: CVE-2022-20867

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-20867", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743", "dateReserved": "2021-11-02T13:28:29.182Z", "dateUpdated": "2024-08-03T02:24:50.251Z", "datePublished": "2022-11-03T19:28:53.428Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:11.549Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. \r\n\r This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.\r\n"}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Email", "versions": [{"version": "13.0.0-392", "status": "affected"}, {"version": "13.5.1-277", "status": "affected"}, {"version": "12.5.0-066", "status": "affected"}, {"version": "14.0.0-698", "status": "affected"}, {"version": "14.2.0-620", "status": "affected"}]}, {"vendor": "Cisco", "product": "Cisco Secure Email and Web Manager", "versions": [{"version": "12.0.1-011", "status": "affected"}, {"version": "12.5.0-636", "status": "affected"}, {"version": "12.5.0-658", "status": "affected"}, {"version": "12.5.0-678", "status": "affected"}, {"version": "12.5.0-670", "status": "affected"}, {"version": "13.0.0-277", "status": "affected"}, {"version": "13.6.2-078", "status": "affected"}, {"version": "13.8.1-068", "status": "affected"}, {"version": "13.8.1-074", "status": "affected"}, {"version": "12.8.1-002", "status": "affected"}, {"version": "14.0.0-404", "status": "affected"}, {"version": "14.1.0-223", "status": "affected"}, {"version": "14.1.0-227", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "cwe", "cweId": "CWE-89"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD", "name": "cisco-sa-esasmawsa-vulns-YRuSW5mD"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-esasmawsa-vulns-YRuSW5mD", "discovery": "EXTERNAL", "defects": ["CSCwc12185", "CSCwc12186"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:24:50.251Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD", "name": "cisco-sa-esasmawsa-vulns-YRuSW5mD", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A74DE82-C879-48E3-8E74-F03D18B8ECF4", "versionEndExcluding": "14.2.1", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:secure_email_gateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEFF3E86-0ED8-40CA-BD69-9FD67F32A31A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EACCC821-A995-43A9-9BA2-8A335A55FC99", "versionEndExcluding": "14.2.0", "versionStartIncluding": "12.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB4207E0-A5C1-4945-B996-722933148C37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. \r\n\r This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.\r\n"}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Email Security Appliance y Cisco Secure Email and Web Manager podr\u00eda permitir que un atacante remoto autenticado realice ataques de inyecci\u00f3n SQL como root en un sistema afectado. El atacante debe tener las credenciales de una cuenta de usuario con altos privilegios. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los par\u00e1metros enviados por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad autentic\u00e1ndose en la aplicaci\u00f3n y enviando solicitudes maliciosas a un sistema afectado. Un exploit exitoso podr\u00eda permitir al atacante obtener datos o modificar datos almacenados en la base de datos subyacente del sistema afectado."}], "id": "CVE-2022-20867", "lastModified": "2024-01-25T17:15:17.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2022-11-04T18:15:10.923", "references": [{"source": "ykramarz@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}