CVE-2022-20942

Summary

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Secure Web Appliance11.7.0-406affected
CiscoCisco Secure Web Appliance11.7.0-418affected
CiscoCisco Secure Web Appliance11.7.1-049affected
CiscoCisco Secure Web Appliance11.7.1-006affected
CiscoCisco Secure Web Appliance11.7.1-020affected
CiscoCisco Secure Web Appliance11.7.2-011affected
CiscoCisco Secure Web Appliance11.8.0-414affected
CiscoCisco Secure Web Appliance11.8.1-023affected
CiscoCisco Secure Web Appliance11.8.3-018affected
CiscoCisco Secure Web Appliance11.8.3-021affected
CiscoCisco Secure Web Appliance12.0.1-268affected
CiscoCisco Secure Web Appliance12.0.3-007affected
CiscoCisco Secure Web Appliance12.5.2-007affected
CiscoCisco Secure Web Appliance12.5.1-011affected
CiscoCisco Secure Email11.0.3-238affected
CiscoCisco Secure Email11.1.0-069affected
CiscoCisco Secure Email11.1.0-131affected
CiscoCisco Secure Email11.1.0-128affected
CiscoCisco Secure Email12.0.0-419affected
CiscoCisco Secure Email12.1.0-071affected
CiscoCisco Secure Email12.1.0-087affected
CiscoCisco Secure Email12.1.0-089affected
CiscoCisco Secure Email13.0.0-392affected
CiscoCisco Secure Email13.5.1-277affected
CiscoCisco Secure Email12.5.0-066affected
CiscoCisco Secure Email14.0.0-698affected
CiscoCisco Secure Email14.2.0-620affected
CiscoCisco Secure Email and Web Manager11.0.0-115affected
CiscoCisco Secure Email and Web Manager11.0.1-161affected
CiscoCisco Secure Email and Web Manager11.5.1-105affected
CiscoCisco Secure Email and Web Manager12.0.0-452affected
CiscoCisco Secure Email and Web Manager12.0.1-011affected
CiscoCisco Secure Email and Web Manager12.5.0-636affected
CiscoCisco Secure Email and Web Manager12.5.0-658affected
CiscoCisco Secure Email and Web Manager12.5.0-678affected
CiscoCisco Secure Email and Web Manager12.5.0-670affected
CiscoCisco Secure Email and Web Manager13.0.0-277affected
CiscoCisco Secure Email and Web Manager13.6.2-078affected
CiscoCisco Secure Email and Web Manager13.8.1-068affected
CiscoCisco Secure Email and Web Manager13.8.1-074affected
CiscoCisco Secure Email and Web Manager12.8.1-002affected
CiscoCisco Secure Email and Web Manager14.0.0-404affected
CiscoCisco Secure Email and Web Manager14.1.0-223affected
CiscoCisco Secure Email and Web Manager14.1.0-227affected
CiscoCisco Secure Email and Web Manager14.2.0-212affected

Weaknesses

  • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

References