CNVD-2022-55669

Vulnerability from cnvd - Published: 2022-08-08
Title
Information disclosure vulnerability in multiple Cisco products (CNVD-2022-55669)
Description
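Cisco Email Security Appliance (ESA) and Cisco Secure Email are both products of Cisco, a US company. Cisco Email Security Appliance is an email security appliance. Cisco Secure Email (formerly Email Security) provides the best protection for your email against cyber threats. An information disclosure vulnerability exists in Cisco Email Security Appliance, Secure Email and Web Manager. The vulnerability stems from a lack of proper input sanitization when querying an external authentication server. An authenticated remote attacker could exploit this vulnerability to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device.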
Severity
Patch Name
Patch for the information disclosure vulnerability in multiple Cisco products (CNVD-2022-55669)
Patch Description
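Cisco Email Security Appliance (ESA) and Cisco Secure Email are both products of Cisco, a US company. Cisco Email Security Appliance is an email security appliance. Cisco Secure Email (formerly Email Security) provides the best protection for your email against cyber threats. An information disclosure vulnerability exists in Cisco Email Security Appliance, Secure Email and Web Manager. The vulnerability stems from a lack of proper input sanitization when querying an external authentication server. An authenticated remote attacker could exploit this vulnerability to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. The vendor has now released a security advisory and related patch information that fix this vulnerability.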
Formal description

The vendor has released a fix for this vulnerability; please watch for updates: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasma-info-dsc-Q9tLuOvM

Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasma-info-dsc-Q9tLuOvM
Impacted products
Name
['Cisco Email Security Appliance 12', 'Cisco Email Security Appliance 13', 'Cisco Secure Email 12', 'Cisco Secure Email 12.8', 'Cisco Secure Email 13.0', 'Cisco Secure Email 13.6', 'Cisco Secure Email 13.8', 'Cisco Web Manager 12', 'Cisco Web Manager 12.8', 'Cisco Web Manager 13.0', 'Cisco Web Manager 13.6', 'Cisco Web Manager 13.8', 'Cisco Web Manager 14.0', 'Cisco Web Manager 14.1', 'Cisco Web Manager <=11', 'Cisco Secure Email 14.0', 'Cisco Secure Email 14.1', 'Cisco Secure Email <=11', 'Cisco Email Security Appliance 14', 'Cisco Email Security Appliance <=11']

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-20664",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-20664"
    }
  },
  "description": "Cisco Email Security Appliance\uff08ESA\uff09\u548cCisco Secure Email\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Email Security Appliance\u662f\u4e00\u4e2a\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u3002Cisco Secure Email\u662f\u601d\u79d1\u5b89\u5168\u7535\u5b50\u90ae\u4ef6\uff08\u524d\u8eab\u4e3a\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\uff09\u4e3a\u60a8\u7684\u7535\u5b50\u90ae\u4ef6\u63d0\u4f9b\u6700\u4f73\u4fdd\u62a4\uff0c\u4f7f\u5176\u514d\u53d7\u7f51\u7edc\u5a01\u80c1\u3002\n\nCisco Email Security Appliance\u3001Secure Email\u548cWeb Manager\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u67e5\u8be2\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u5668\u65f6\u7f3a\u5c11\u6b63\u786e\u7684\u8f93\u5165\u6e05\u7406\u3002\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u8fde\u63a5\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u8f7b\u578b\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff08LDAP\uff09\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u5668\u68c0\u7d22\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasma-info-dsc-Q9tLuOvM",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-55669",
  "openTime": "2022-08-08",
  "patchDescription": "Cisco Email Security Appliance\uff08ESA\uff09\u548cCisco Secure Email\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Email Security Appliance\u662f\u4e00\u4e2a\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u3002Cisco Secure Email\u662f\u601d\u79d1\u5b89\u5168\u7535\u5b50\u90ae\u4ef6\uff08\u524d\u8eab\u4e3a\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\uff09\u4e3a\u60a8\u7684\u7535\u5b50\u90ae\u4ef6\u63d0\u4f9b\u6700\u4f73\u4fdd\u62a4\uff0c\u4f7f\u5176\u514d\u53d7\u7f51\u7edc\u5a01\u80c1\u3002\r\n\r\nCisco Email Security Appliance\u3001Secure Email \u548c Web Manager \u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u67e5\u8be2\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u5668\u65f6\u7f3a\u5c11\u6b63\u786e\u7684\u8f93\u5165\u6e05\u7406\u3002\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u8fde\u63a5\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u8f7b\u578b\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff08LDAP\uff09\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u5668\u68c0\u7d22\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eCisco\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2022-55669\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Email Security Appliance 12",
      "Cisco Email Security Appliance 13",
      "Cisco Secure Email 12",
      "Cisco Secure Email 12.8",
      "Cisco Secure Email 13.0",
      "Cisco Secure Email 13.6",
      "Cisco Secure Email 13.8",
      "Cisco Web Manager 12",
      "Cisco Web Manager 12.8",
      "Cisco Web Manager 13.0",
      "Cisco Web Manager 13.6",
      "Cisco Web Manager 13.8",
      "Cisco Web Manager 14.0",
      "Cisco Web Manager 14.1",
      "Cisco Web Manager \u003c=11",
      "Cisco Secure Email 14.0",
      "Cisco Secure Email 14.1",
      "Cisco Secure Email \u003c=11",
      "Cisco Email Security Appliance 14",
      "Cisco Email Security Appliance \u003c=11"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasma-info-dsc-Q9tLuOvM",
  "serverity": "\u4f4e",
  "submitTime": "2022-06-17",
  "title": "\u591a\u6b3eCisco\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2022-55669\uff09"
}

