cve-2022-20867
Vulnerability from cvelistv5
Published
2022-11-03 19:28
Modified
2024-11-20 14:32
Summary
A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.
Impacted products
Vendor Product Version
Cisco Cisco Secure Email and Web Manager Version: 12.0.1-011
Version: 12.5.0-636
Version: 12.5.0-658
Version: 12.5.0-678
Version: 12.5.0-670
Version: 13.0.0-277
Version: 13.6.2-078
Version: 13.8.1-068
Version: 13.8.1-074
Version: 12.8.1-002
Version: 14.0.0-404
Version: 14.1.0-223
Version: 14.1.0-227
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:50.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-esasmawsa-vulns-YRuSW5mD",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20867",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-29T20:30:59.948121Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T14:32:35.941Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Email",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "13.0.0-392"
            },
            {
              "status": "affected",
              "version": "13.5.1-277"
            },
            {
              "status": "affected",
              "version": "12.5.0-066"
            },
            {
              "status": "affected",
              "version": "14.0.0-698"
            },
            {
              "status": "affected",
              "version": "14.2.0-620"
            }
          ]
        },
        {
          "product": "Cisco Secure Email and Web Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.0.1-011"
            },
            {
              "status": "affected",
              "version": "12.5.0-636"
            },
            {
              "status": "affected",
              "version": "12.5.0-658"
            },
            {
              "status": "affected",
              "version": "12.5.0-678"
            },
            {
              "status": "affected",
              "version": "12.5.0-670"
            },
            {
              "status": "affected",
              "version": "13.0.0-277"
            },
            {
              "status": "affected",
              "version": "13.6.2-078"
            },
            {
              "status": "affected",
              "version": "13.8.1-068"
            },
            {
              "status": "affected",
              "version": "13.8.1-074"
            },
            {
              "status": "affected",
              "version": "12.8.1-002"
            },
            {
              "status": "affected",
              "version": "14.0.0-404"
            },
            {
              "status": "affected",
              "version": "14.1.0-223"
            },
            {
              "status": "affected",
              "version": "14.1.0-227"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. \r\n\r This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.\r\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:11.549Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-esasmawsa-vulns-YRuSW5mD",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD"
        }
      ],
      "source": {
        "advisory": "cisco-sa-esasmawsa-vulns-YRuSW5mD",
        "defects": [
          "CSCwc12185",
          "CSCwc12186"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20867",
    "datePublished": "2022-11-03T19:28:53.428Z",
    "dateReserved": "2021-11-02T13:28:29.182Z",
    "dateUpdated": "2024-11-20T14:32:35.941Z",
    "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-20867\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2022-11-04T18:15:10.923\",\"lastModified\":\"2024-11-21T06:43:43.000\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. \\r\\n\\r This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.\\r\\n\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Email Security Appliance y Cisco Secure Email and Web Manager podr\u00eda permitir que un atacante remoto autenticado realice ataques de inyecci\u00f3n SQL como root en un sistema afectado. El atacante debe tener las credenciales de una cuenta de usuario con altos privilegios. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los par\u00e1metros enviados por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad autentic\u00e1ndose en la aplicaci\u00f3n y enviando solicitudes maliciosas a un sistema afectado. Un exploit exitoso podr\u00eda permitir al atacante obtener datos o modificar datos almacenados en la base de datos subyacente del sistema afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"14.2.1\",\"matchCriteriaId\":\"6A74DE82-C879-48E3-8E74-F03D18B8ECF4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_email_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEFF3E86-0ED8-40CA-BD69-9FD67F32A31A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"14.2.0\",\"matchCriteriaId\":\"EACCC821-A995-43A9-9BA2-8A335A55FC99\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_email_and_web_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB4207E0-A5C1-4945-B996-722933148C37\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.