cve-2022-1254
Vulnerability from cvelistv5
Published
2022-04-20 13:00
Modified
2024-08-02 23:55
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.
References
trellixpsirt@trellix.comhttps://kc.mcafee.com/corporate/index?page=content&id=SB10381Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10381Broken Link, Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10381"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Secure Web Gateway",
          "vendor": "McAfee,LLC",
          "versions": [
            {
              "lessThan": "10.2.9",
              "status": "affected",
              "version": "10.X",
              "versionType": "custom"
            },
            {
              "lessThan": "9.2.20",
              "status": "affected",
              "version": "9.x",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.27",
              "status": "affected",
              "version": "8.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.8.2.31",
              "status": "affected",
              "version": "7.x",
              "versionType": "custom"
            },
            {
              "lessThan": "11.1.3",
              "status": "affected",
              "version": "Controlled 11.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-20T13:00:17",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10381"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SWG URL redirection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2022-1254",
          "STATE": "PUBLIC",
          "TITLE": "SWG URL redirection vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Secure Web Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.X",
                            "version_value": "10.2.9"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.x",
                            "version_value": "9.2.20"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "8.x",
                            "version_value": "8.2.27"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.x",
                            "version_value": "7.8.2.31"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Controlled 11.x",
                            "version_value": "11.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee,LLC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-601: URL Redirection to Untrusted Site"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10381",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10381"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2022-1254",
    "datePublished": "2022-04-20T13:00:17",
    "dateReserved": "2022-04-06T00:00:00",
    "dateUpdated": "2024-08-02T23:55:24.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.8.2.31\", \"matchCriteriaId\": \"E70FE5A6-0FEA-4162-9CFE-04C9438FB8D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.2.27\", \"matchCriteriaId\": \"BDDDF1C5-515E-49D8-978C-F89663B74D32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.2.20\", \"matchCriteriaId\": \"950F6792-4730-4BAD-A910-CC9E4A1E4E3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.2.9\", \"matchCriteriaId\": \"86C93742-4F33-4B9B-B546-1428DCC8FB05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndExcluding\": \"11.1.3\", \"matchCriteriaId\": \"20E056E8-414A-421E-B0F5-8B14D03C39EE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de redireccionamiento de URL en Skyhigh SWG en versiones principales 10.x anteriores a 10.2.9, 9.x anteriores a 9.2.20, 8.x anteriores a 8.2.27, y 7.x anteriores a 7.8.2.31, y la versi\\u00f3n controlada 11.x anterior a 11.1.3 permite que un atacante remoto redirija a un usuario a un sitio web malicioso controlado por el atacante. Esto es posible porque SWG crea incorrectamente una respuesta de redirecci\\u00f3n HTTP cuando un usuario hace clic en una URL cuidadosamente construida. Tras la respuesta de redireccionamiento, la nueva petici\\u00f3n sigue siendo filtrada por la pol\\u00edtica de SWG\"}]",
      "id": "CVE-2022-1254",
      "lastModified": "2024-11-21T06:40:21.033",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"trellixpsirt@trellix.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-04-20T13:15:07.507",
      "references": "[{\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10381\", \"source\": \"trellixpsirt@trellix.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10381\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "trellixpsirt@trellix.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"trellixpsirt@trellix.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-1254\",\"sourceIdentifier\":\"trellixpsirt@trellix.com\",\"published\":\"2022-04-20T13:15:07.507\",\"lastModified\":\"2024-11-21T06:40:21.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de redireccionamiento de URL en Skyhigh SWG en versiones principales 10.x anteriores a 10.2.9, 9.x anteriores a 9.2.20, 8.x anteriores a 8.2.27, y 7.x anteriores a 7.8.2.31, y la versi\u00f3n controlada 11.x anterior a 11.1.3 permite que un atacante remoto redirija a un usuario a un sitio web malicioso controlado por el atacante. Esto es posible porque SWG crea incorrectamente una respuesta de redirecci\u00f3n HTTP cuando un usuario hace clic en una URL cuidadosamente construida. Tras la respuesta de redireccionamiento, la nueva petici\u00f3n sigue siendo filtrada por la pol\u00edtica de SWG\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.8.2.31\",\"matchCriteriaId\":\"E70FE5A6-0FEA-4162-9CFE-04C9438FB8D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.2.27\",\"matchCriteriaId\":\"BDDDF1C5-515E-49D8-978C-F89663B74D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.20\",\"matchCriteriaId\":\"950F6792-4730-4BAD-A910-CC9E4A1E4E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.2.9\",\"matchCriteriaId\":\"86C93742-4F33-4B9B-B546-1428DCC8FB05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.1.3\",\"matchCriteriaId\":\"20E056E8-414A-421E-B0F5-8B14D03C39EE\"}]}]}],\"references\":[{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10381\",\"source\":\"trellixpsirt@trellix.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.