Exploit Report

Exploit Report

Computer Security And Bug Information

CVE-2022-20952

Last Updated: March 1, 2023
CVECVE-2022-20952
CVE Ordinal Value219965
Published Date2023-03-01T08:15Z
Modified Date2023-03-01T13:45Z
DescriptionA vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this vulnerability by connecting through an affected device to a malicious server and receiving malformed HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device.
References
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites.
Reference URLhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-bwBfugek
Reference DescriptionMISC https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-bwBfugek
Reference Description
Sources NIST MITRE
Note
  • No CVSS data for this CVE

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles