cvelistv5 - cve-2022-20871

CVE-2022-20871 (GCVE-0-2022-20871)

Vulnerability from cvelistv5 – Published: 2024-11-15 15:27 – Updated: 2024-11-15 15:35

Summary

A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see .

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

cisco

References

URL

Tags

	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Secure Web Appliance	Affected: 12.5.3-002 Affected: 14.1.0-032 Affected: 14.1.0-047 Affected: 14.1.0-041 Affected: 14.0.2-012 Affected: 12.5.1-011 Affected: 12.5.2-007 Affected: 12.5.2-011 Affected: 14.5.0-498 Affected: 12.5.4-005 Affected: 12.5.4-011

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20871",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T15:35:06.319558Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T15:35:23.825Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Web Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5.3-002"
            },
            {
              "status": "affected",
              "version": "14.1.0-032"
            },
            {
              "status": "affected",
              "version": "14.1.0-047"
            },
            {
              "status": "affected",
              "version": "14.1.0-041"
            },
            {
              "status": "affected",
              "version": "14.0.2-012"
            },
            {
              "status": "affected",
              "version": "12.5.1-011"
            },
            {
              "status": "affected",
              "version": "12.5.2-007"
            },
            {
              "status": "affected",
              "version": "12.5.2-011"
            },
            {
              "status": "affected",
              "version": "14.5.0-498"
            },
            {
              "status": "affected",
              "version": "12.5.4-005"
            },
            {
              "status": "affected",
              "version": "12.5.4-011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web management interface of Cisco\u0026nbsp;AsyncOS for Cisco\u0026nbsp;Secure Web Appliance, formerly Cisco\u0026nbsp;Web Security Appliance (WSA),\u0026nbsp;could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.\r\nThis vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see ."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T15:27:14.028Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-wsa-prv-esc-8PdRU8t8",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
        }
      ],
      "source": {
        "advisory": "cisco-sa-wsa-prv-esc-8PdRU8t8",
        "defects": [
          "CSCwb92675"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Secure Web Appliance Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20871",
    "datePublished": "2024-11-15T15:27:14.028Z",
    "dateReserved": "2021-11-02T13:28:29.183Z",
    "dateUpdated": "2024-11-15T15:35:23.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the web management interface of Cisco\u0026nbsp;AsyncOS for Cisco\u0026nbsp;Secure Web Appliance, formerly Cisco\u0026nbsp;Web Security Appliance (WSA),\u0026nbsp;could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.\\r\\nThis vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see .\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la interfaz de administraci\\u00f3n web de Cisco\u0026#xa0;AsyncOS para Cisco\u0026#xa0;Secure Web Appliance, anteriormente Cisco\u0026#xa0;Web Security Appliance (WSA),\u0026#xa0;podr\\u00eda permitir que un atacante remoto autenticado realice una inyecci\\u00f3n de comandos y eleve los privilegios a superusuario. Esta vulnerabilidad se debe a una validaci\\u00f3n insuficiente de la entrada proporcionada por el usuario para la interfaz web. Un atacante podr\\u00eda explotar esta vulnerabilidad autentic\\u00e1ndose en el sistema y enviando un paquete HTTP dise\\u00f1ado al dispositivo afectado. Una explotaci\\u00f3n exitosa podr\\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente y elevar los privilegios a superusuario. Para explotar con \\u00e9xito esta vulnerabilidad, un atacante necesitar\\u00eda al menos credenciales de solo lectura. Cisco\u0026#xa0;ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad. Atenci\\u00f3n: la simplificaci\\u00f3n de la cartera de Cisco incluye el cambio de nombre de los productos de seguridad bajo una sola marca: Cisco\u0026#xa0;Secure. Para obtener m\\u00e1s informaci\\u00f3n, consulte.\"}]",
      "id": "CVE-2022-20871",
      "lastModified": "2024-11-18T17:11:56.587",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.4}]}",
      "published": "2024-11-15T16:15:23.757",
      "references": "[{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\", \"source\": \"ykramarz@cisco.com\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-20871\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2024-11-15T16:15:23.757\",\"lastModified\":\"2025-08-11T17:44:07.837\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web management interface of Cisco\u0026nbsp;AsyncOS for Cisco\u0026nbsp;Secure Web Appliance, formerly Cisco\u0026nbsp;Web Security Appliance (WSA),\u0026nbsp;could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.\\r\\nThis vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see .\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco\u0026#xa0;AsyncOS para Cisco\u0026#xa0;Secure Web Appliance, anteriormente Cisco\u0026#xa0;Web Security Appliance (WSA),\u0026#xa0;podr\u00eda permitir que un atacante remoto autenticado realice una inyecci\u00f3n de comandos y eleve los privilegios a superusuario. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para la interfaz web. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en el sistema y enviando un paquete HTTP dise\u00f1ado al dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente y elevar los privilegios a superusuario. Para explotar con \u00e9xito esta vulnerabilidad, un atacante necesitar\u00eda al menos credenciales de solo lectura. Cisco\u0026#xa0;ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad. Atenci\u00f3n: la simplificaci\u00f3n de la cartera de Cisco incluye el cambio de nombre de los productos de seguridad bajo una sola marca: Cisco\u0026#xa0;Secure. Para obtener m\u00e1s informaci\u00f3n, consulte.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:12.5.1-011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2D22A3C-16D5-4F61-AB44-111F4A4D9F5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:12.5.2-007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C79D794-0BA9-4A55-B843-FBF9B7374095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:12.5.2-011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2536DCE8-4F1D-4056-A021-409B54C86ED9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:12.5.3-002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D75C030-216E-4019-ABA5-6DB662C6755C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:12.5.4-005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBE6E431-7859-4E92-88C5-C85DADC8A5D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:12.5.4-011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC0B862-5248-42D1-BB20-F957DD98A585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:14.0.2-012:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50BAC418-1CA1-4DB7-8B54-E4754A35F6E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:14.1.0-032:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1C5EDF4-868A-43B9-B5BA-0F62984F7BE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:14.1.0-041:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45B7B8BB-91DA-490B-BA54-27AD44F862A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:14.1.0-047:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16B7F282-1F20-4C84-A13E-C671BAE3F8D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asyncos:14.5.0-498:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60A56580-C34C-4E5D-B053-9D02F8DD9681\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:secure_web_appliance_virtual_s1000v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09BCBB0F-88F1-4469-A7D4-DA8BCAF5470A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:secure_web_appliance_virtual_s100v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F88A369-E3A2-431A-AB71-CCD4F15E68EB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:secure_web_appliance_virtual_s300v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE8ED2A4-8E08-420D-B377-6D1F5AF675DC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:secure_web_appliance_virtual_s600v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"780EA177-5623-4AFF-9316-D557BE2BD47D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_web_appliance_s196:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE1F2FAF-C64B-4AEB-8DE4-329C61B8D17F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_web_appliance_s396:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5596058-16DB-46C0-82AC-D9BFC13F4126\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_web_appliance_s696:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62BEA59D-2AF1-4BDF-ACB3-450BED2E5AAB\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-20871\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T15:35:06.319558Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T15:35:10.515Z\"}}], \"cna\": {\"title\": \"Cisco Secure Web Appliance Privilege Escalation Vulnerability\", \"source\": {\"defects\": [\"CSCwb92675\"], \"advisory\": \"cisco-sa-wsa-prv-esc-8PdRU8t8\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Secure Web Appliance\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.5.3-002\"}, {\"status\": \"affected\", \"version\": \"14.1.0-032\"}, {\"status\": \"affected\", \"version\": \"14.1.0-047\"}, {\"status\": \"affected\", \"version\": \"14.1.0-041\"}, {\"status\": \"affected\", \"version\": \"14.0.2-012\"}, {\"status\": \"affected\", \"version\": \"12.5.1-011\"}, {\"status\": \"affected\", \"version\": \"12.5.2-007\"}, {\"status\": \"affected\", \"version\": \"12.5.2-011\"}, {\"status\": \"affected\", \"version\": \"14.5.0-498\"}, {\"status\": \"affected\", \"version\": \"12.5.4-005\"}, {\"status\": \"affected\", \"version\": \"12.5.4-011\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco\\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8\", \"name\": \"cisco-sa-wsa-prv-esc-8PdRU8t8\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web management interface of Cisco\u0026nbsp;AsyncOS for Cisco\u0026nbsp;Secure Web Appliance, formerly Cisco\u0026nbsp;Web Security Appliance (WSA),\u0026nbsp;could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.\\r\\nThis vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see .\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-78\", \"description\": \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-11-15T15:27:14.028Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-20871\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T15:35:23.825Z\", \"dateReserved\": \"2021-11-02T13:28:29.183Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-11-15T15:27:14.028Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2022-20871

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2022-20871

Aliases

CVE-2022-20871

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-20871",
    "id": "GSD-2022-20871"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-20871"
      ],
      "id": "GSD-2022-20871",
      "modified": "2023-12-13T01:19:17.151504Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-20871",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

CERTFR-2022-AVI-751

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Cisco AsyncOS for Secure Web Appliance. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Secure Web Appliance	Cisco AsyncOS for Secure Web Appliance version 14.0 (correctif prévu pour août 2022)
Cisco	Secure Web Appliance	Cisco AsyncOS for Secure Web Appliance version 12.5 (correctif prévu pour septembre 2022)
Cisco	Secure Web Appliance	Cisco AsyncOS for Secure Web Appliance versions 14.5.x antérieures à 14.5.0-537

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-wsa-prv-esc-8PdRU8t8 du 17 août 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco AsyncOS for Secure Web Appliance version 14.0 (correctif pr\u00e9vu pour ao\u00fbt 2022)",
      "product": {
        "name": "Secure Web Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS for Secure Web Appliance version 12.5 (correctif pr\u00e9vu pour septembre 2022)",
      "product": {
        "name": "Secure Web Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS for Secure Web Appliance versions 14.5.x ant\u00e9rieures \u00e0 14.5.0-537",
      "product": {
        "name": "Secure Web Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-20871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20871"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-751",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco AsyncOS for Secure Web\nAppliance. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco AsyncOS for Secure Web Appliance",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wsa-prv-esc-8PdRU8t8 du 17 ao\u00fbt 2022",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
    }
  ]
}

CERTFR-2022-AVI-751

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Secure Web Appliance	Cisco AsyncOS for Secure Web Appliance version 14.0 (correctif prévu pour août 2022)
Cisco	Secure Web Appliance	Cisco AsyncOS for Secure Web Appliance version 12.5 (correctif prévu pour septembre 2022)
Cisco	Secure Web Appliance	Cisco AsyncOS for Secure Web Appliance versions 14.5.x antérieures à 14.5.0-537

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-wsa-prv-esc-8PdRU8t8 du 17 août 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco AsyncOS for Secure Web Appliance version 14.0 (correctif pr\u00e9vu pour ao\u00fbt 2022)",
      "product": {
        "name": "Secure Web Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS for Secure Web Appliance version 12.5 (correctif pr\u00e9vu pour septembre 2022)",
      "product": {
        "name": "Secure Web Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS for Secure Web Appliance versions 14.5.x ant\u00e9rieures \u00e0 14.5.0-537",
      "product": {
        "name": "Secure Web Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-20871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20871"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-751",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco AsyncOS for Secure Web\nAppliance. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco AsyncOS for Secure Web Appliance",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wsa-prv-esc-8PdRU8t8 du 17 ao\u00fbt 2022",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
    }
  ]
}

FKIE_CVE-2022-20871

Vulnerability from fkie_nvd - Published: 2024-11-15 16:15 - Updated: 2025-08-11 17:44

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU	Not Applicable
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv	Not Applicable
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	asyncos	12.5.1-011
cisco	asyncos	12.5.2-007
cisco	asyncos	12.5.2-011
cisco	asyncos	12.5.3-002
cisco	asyncos	12.5.4-005
cisco	asyncos	12.5.4-011
cisco	asyncos	14.0.2-012
cisco	asyncos	14.1.0-032
cisco	asyncos	14.1.0-041
cisco	asyncos	14.1.0-047
cisco	asyncos	14.5.0-498
cisco	secure_web_appliance_virtual_s1000v	-
cisco	secure_web_appliance_virtual_s100v	-
cisco	secure_web_appliance_virtual_s300v	-
cisco	secure_web_appliance_virtual_s600v	-
cisco	secure_web_appliance_s196	-
cisco	secure_web_appliance_s396	-
cisco	secure_web_appliance_s696	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:12.5.1-011:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D22A3C-16D5-4F61-AB44-111F4A4D9F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:12.5.2-007:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C79D794-0BA9-4A55-B843-FBF9B7374095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:12.5.2-011:*:*:*:*:*:*:*",
              "matchCriteriaId": "2536DCE8-4F1D-4056-A021-409B54C86ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:12.5.3-002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D75C030-216E-4019-ABA5-6DB662C6755C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:12.5.4-005:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE6E431-7859-4E92-88C5-C85DADC8A5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:12.5.4-011:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC0B862-5248-42D1-BB20-F957DD98A585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:14.0.2-012:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BAC418-1CA1-4DB7-8B54-E4754A35F6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:14.1.0-032:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C5EDF4-868A-43B9-B5BA-0F62984F7BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:14.1.0-041:*:*:*:*:*:*:*",
              "matchCriteriaId": "45B7B8BB-91DA-490B-BA54-27AD44F862A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:14.1.0-047:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B7F282-1F20-4C84-A13E-C671BAE3F8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asyncos:14.5.0-498:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A56580-C34C-4E5D-B053-9D02F8DD9681",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_web_appliance_virtual_s1000v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BCBB0F-88F1-4469-A7D4-DA8BCAF5470A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_web_appliance_virtual_s100v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F88A369-E3A2-431A-AB71-CCD4F15E68EB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_web_appliance_virtual_s300v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8ED2A4-8E08-420D-B377-6D1F5AF675DC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_web_appliance_virtual_s600v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "780EA177-5623-4AFF-9316-D557BE2BD47D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:secure_web_appliance_s196:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1F2FAF-C64B-4AEB-8DE4-329C61B8D17F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:secure_web_appliance_s396:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5596058-16DB-46C0-82AC-D9BFC13F4126",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:secure_web_appliance_s696:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BEA59D-2AF1-4BDF-ACB3-450BED2E5AAB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web management interface of Cisco\u0026nbsp;AsyncOS for Cisco\u0026nbsp;Secure Web Appliance, formerly Cisco\u0026nbsp;Web Security Appliance (WSA),\u0026nbsp;could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.\r\nThis vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see ."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco\u0026#xa0;AsyncOS para Cisco\u0026#xa0;Secure Web Appliance, anteriormente Cisco\u0026#xa0;Web Security Appliance (WSA),\u0026#xa0;podr\u00eda permitir que un atacante remoto autenticado realice una inyecci\u00f3n de comandos y eleve los privilegios a superusuario. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para la interfaz web. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en el sistema y enviando un paquete HTTP dise\u00f1ado al dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente y elevar los privilegios a superusuario. Para explotar con \u00e9xito esta vulnerabilidad, un atacante necesitar\u00eda al menos credenciales de solo lectura. Cisco\u0026#xa0;ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad. Atenci\u00f3n: la simplificaci\u00f3n de la cartera de Cisco incluye el cambio de nombre de los productos de seguridad bajo una sola marca: Cisco\u0026#xa0;Secure. Para obtener m\u00e1s informaci\u00f3n, consulte."
    }
  ],
  "id": "CVE-2022-20871",
  "lastModified": "2025-08-11T17:44:07.837",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-11-15T16:15:23.757",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

GHSA-RW66-6RGJ-MWJH

Vulnerability from github – Published: 2024-11-15 18:30 – Updated: 2024-11-15 18:30

Details

A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see .

Severity ?

6.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-20871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-15T16:15:23Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web management interface of Cisco\u0026nbsp;AsyncOS for Cisco\u0026nbsp;Secure Web Appliance, formerly Cisco\u0026nbsp;Web Security Appliance (WSA),\u0026nbsp;could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.\nThis vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see .",
  "id": "GHSA-rw66-6rgj-mwjh",
  "modified": "2024-11-15T18:30:50Z",
  "published": "2024-11-15T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20871"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CISCO-SA-WSA-PRV-ESC-8PDRU8T8

Vulnerability from csaf_cisco - Published: 2022-08-17 16:00 - Updated: 2022-10-03 18:13

Summary

Cisco Secure Web Appliance Privilege Escalation Vulnerability

Notes

Summary

A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see Meet Cisco Secure ["https://www.cisco.com/c/en/us/products/security/secure-names.html"].

Vulnerable Products

This vulnerability affects Cisco AsyncOS for Cisco Secure Web Appliance, both virtual and hardware appliances. For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: Email Security Appliance (ESA), both virtual and hardware appliances Secure Email and Web Manager, formerly Security Management Appliance (SMA), both virtual and hardware appliances

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

Cisco has released free software updates ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu"] that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"] Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. The Cisco Support and Downloads page ["https://www.cisco.com/c/en/us/support/index.html"] on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"] Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases In the following table(s), the left column lists Cisco software releases. The right column indicates whether a release is affected by the vulnerability that is described in this advisory and the first release that includes the fix for this vulnerability. Customers are advised to upgrade to an appropriate fixed software release ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"] as indicated in this section. Cisco AsyncOS for Secure Web Appliance Release First Fixed Release Earlier than 12.5 Not vulnerable 12.5 12.5.5-004 14.0 14.0.3-014 14.5 14.5.0-537 In most cases, the software can be upgraded over the network by using the System Upgrade options in the web interface of the Secure Web Appliance. To upgrade a device by using the web interface, do the following: Choose System Administration > System Upgrade. Click Upgrade Options. Choose Download and Install. Choose the release to upgrade to. In the Upgrade Preparation area, choose the appropriate options. Click Proceed to begin the upgrade. A progress bar displays the status of the upgrade. After the upgrade is complete, the device reboots. The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank Alvaro Gutierrez of mnemonic for finding and reporting this vulnerability.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "Cisco would like to thank Alvaro Gutierrez of mnemonic for finding and reporting this vulnerability."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\n\r\n\r\nAttention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see Meet Cisco Secure [\"https://www.cisco.com/c/en/us/products/security/secure-names.html\"].",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "This vulnerability affects Cisco AsyncOS for Cisco Secure Web Appliance, both virtual and hardware appliances.\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nEmail Security Appliance (ESA), both virtual and hardware appliances\r\nSecure Email and Web Manager, formerly Security Management Appliance (SMA), both virtual and hardware appliances",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco has released free software updates [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu\"] that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.\r\n\r\nCustomers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nThe Cisco Support and Downloads page [\"https://www.cisco.com/c/en/us/support/index.html\"] on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n  Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n      Fixed Releases\r\nIn the following table(s), the left column lists Cisco software releases. The right column indicates whether a release is affected by the vulnerability that is described in this advisory and the first release that includes the fix for this vulnerability. Customers are advised to upgrade to an appropriate fixed software release [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] as indicated in this section.\r\n        Cisco AsyncOS for Secure Web Appliance Release  First Fixed Release          Earlier than 12.5  Not vulnerable      12.5  12.5.5-004      14.0  14.0.3-014      14.5  14.5.0-537\r\nIn most cases, the software can be upgraded over the network by using the System Upgrade options in the web interface of the Secure Web Appliance. To upgrade a device by using the web interface, do the following:\r\n\r\nChoose System Administration \u003e System Upgrade.\r\nClick Upgrade Options.\r\nChoose Download and Install.\r\nChoose the release to upgrade to.\r\nIn the Upgrade Preparation area, choose the appropriate options.\r\nClick Proceed to begin the upgrade. A progress bar displays the status of the upgrade.\r\n\r\nAfter the upgrade is complete, the device reboots.\r\n\r\nThe Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "Cisco would like to thank Alvaro Gutierrez of mnemonic for finding and reporting this vulnerability.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco Secure Web Appliance Privilege Escalation Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "Meet Cisco\u0026nbsp;Secure",
        "url": "https://www.cisco.com/c/en/us/products/security/secure-names.html"
      },
      {
        "category": "external",
        "summary": "free software updates",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
        "url": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Support and Downloads page",
        "url": "https://www.cisco.com/c/en/us/support/index.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Security Advisories page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
        "url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
      }
    ],
    "title": "Cisco Secure Web Appliance Privilege Escalation Vulnerability",
    "tracking": {
      "current_release_date": "2022-10-03T18:13:53+00:00",
      "generator": {
        "date": "2024-05-10T23:17:50+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-wsa-prv-esc-8PdRU8t8",
      "initial_release_date": "2022-08-17T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2022-08-17T15:47:05+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2022-08-25T18:17:30+00:00",
          "number": "1.1.0",
          "summary": "Updated fixed releases."
        },
        {
          "date": "2022-09-22T15:21:47+00:00",
          "number": "1.2.0",
          "summary": "Updated fixed releases."
        },
        {
          "date": "2022-10-03T18:13:53+00:00",
          "number": "1.3.0",
          "summary": "Updated fixed releases."
        }
      ],
      "status": "final",
      "version": "1.3.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco Secure Web Appliance",
            "product": {
              "name": "Cisco Secure Web Appliance ",
              "product_id": "CSAFPID-189789"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-20871",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwb92675"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-189789"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-189789"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-189789"
          ]
        }
      ],
      "title": "Cisco Secure Web Appliance Privilege Escalation Vulnerability"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-20871 (GCVE-0-2022-20871)

GSD-2022-20871

CERTFR-2022-AVI-751

Solution

CERTFR-2022-AVI-751

Solution

FKIE_CVE-2022-20871

GHSA-RW66-6RGJ-MWJH

CISCO-SA-WSA-PRV-ESC-8PDRU8T8

Tags

Sightings

Nomenclature