cnvd-2022-55685
Vulnerability from cnvd

Title: Authorization issue vulnerability in multiple Cisco products

Description:

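Cisco Email Security Appliance (ESA) and Cisco Secure Email are both products of Cisco, a US company. Cisco Email Security Appliance is an email security appliance. Cisco Secure Email (formerly Email Security) provides the best protection for your email against cyber threats.

An authorization issue vulnerability exists in Cisco Email Security Appliance and Secure Email Web Manager. The vulnerability stems from improper authentication checks when an affected device uses the Lightweight Directory Access Protocol (LDAP) for external authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and log in to the web management interface of an affected device.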

Severity:

Patch Name: Patch for the authorization issue vulnerability in multiple Cisco products

Patch Description:

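Cisco Email Security Appliance (ESA) and Cisco Secure Email are both products of Cisco, a US company. Cisco Email Security Appliance is an email security appliance. Cisco Secure Email (formerly Email Security) provides the best protection for your email against cyber threats.

An authorization issue vulnerability exists in Cisco Email Security Appliance and Secure Email Web Manager. The vulnerability stems from improper authentication checks when an affected device uses the Lightweight Directory Access Protocol (LDAP) for external authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and log in to the web management interface of an affected device. The vendor has now published a security advisory and related patch information that fix this vulnerability.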

Formal description:

The vendor has released a fix for this vulnerability; please follow the updates: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD

Impacted products
Name

  • Cisco Email Security Appliance 12
  • Cisco Email Security Appliance 13
  • Cisco Secure Email 12
  • Cisco Secure Email 12.8
  • Cisco Secure Email 13.0
  • Cisco Secure Email 13.6
  • Cisco Secure Email 13.8
  • Cisco Web Manager 12
  • Cisco Web Manager 12.8
  • Cisco Web Manager 13.0
  • Cisco Web Manager 13.6
  • Cisco Web Manager 13.8
  • Cisco Web Manager 14.0
  • Cisco Web Manager 14.1
  • Cisco Web Manager <=11
  • Cisco Secure Email 14.0
  • Cisco Secure Email 14.1
  • Cisco Secure Email <=11
  • Cisco Email Security Appliance 14
  • Cisco Email Security Appliance <=11


{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-20798"
    }
  },
  "description": "Cisco Email Security Appliance\uff08ESA\uff09\u548cCisco Secure Email\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Email Security Appliance\u662f\u4e00\u4e2a\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u3002Cisco Secure Email\u662f\u601d\u79d1\u5b89\u5168\u7535\u5b50\u90ae\u4ef6\uff08\u524d\u8eab\u4e3a\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\uff09\u4e3a\u60a8\u7684\u7535\u5b50\u90ae\u4ef6\u63d0\u4f9b\u6700\u4f73\u4fdd\u62a4\uff0c\u4f7f\u5176\u514d\u53d7\u7f51\u7edc\u5a01\u80c1\u3002\n\nCisco Email Security Appliance\u3001Secure Email Web Manager\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u4f7f\u7528\u8f7b\u578b\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff08LDAP\uff09\u8fdb\u884c\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65f6\u8eab\u4efd\u9a8c\u8bc1\u68c0\u67e5\u4e0d\u5f53\u3002\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u5e76\u767b\u5f55\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\u7684Web\u7ba1\u7406\u754c\u9762\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-55685",
  "openTime": "2022-08-08",
  "patchDescription": "Cisco Email Security Appliance\uff08ESA\uff09\u548cCisco Secure Email\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Email Security Appliance\u662f\u4e00\u4e2a\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u3002Cisco Secure Email\u662f\u601d\u79d1\u5b89\u5168\u7535\u5b50\u90ae\u4ef6\uff08\u524d\u8eab\u4e3a\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\uff09\u4e3a\u60a8\u7684\u7535\u5b50\u90ae\u4ef6\u63d0\u4f9b\u6700\u4f73\u4fdd\u62a4\uff0c\u4f7f\u5176\u514d\u53d7\u7f51\u7edc\u5a01\u80c1\u3002\r\n\r\nCisco Email Security Appliance\u3001Secure Email Web Manager\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u4f7f\u7528\u8f7b\u578b\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff08LDAP\uff09\u8fdb\u884c\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65f6\u8eab\u4efd\u9a8c\u8bc1\u68c0\u67e5\u4e0d\u5f53\u3002\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u5e76\u767b\u5f55\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\u7684Web\u7ba1\u7406\u754c\u9762\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco\u591a\u6b3e\u4ea7\u54c1\u6388\u6743\u95ee\u9898\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Email Security Appliance 12",
      "Cisco Email Security Appliance 13",
      "Cisco Secure Email 12",
      "Cisco Secure Email 12.8",
      "Cisco Secure Email 13.0",
      "Cisco Secure Email 13.6",
      "Cisco Secure Email 13.8",
      "Cisco Web Manager 12",
      "Cisco Web Manager 12.8",
      "Cisco Web Manager 13.0",
      "Cisco Web Manager 13.6",
      "Cisco Web Manager 13.8",
      "Cisco Web Manager 14.0",
      "Cisco Web Manager 14.1",
      "Cisco Web Manager \u003c=11",
      "Cisco Secure Email 14.0",
      "Cisco Secure Email 14.1",
      "Cisco Secure Email \u003c=11",
      "Cisco Email Security Appliance 14",
      "Cisco Email Security Appliance \u003c=11"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD",
  "serverity": "\u4e2d",
  "submitTime": "2022-06-17",
  "title": "Cisco\u591a\u6b3e\u4ea7\u54c1\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

