Cisco · Cisco Asyncos · CVE-2022-20784
**Name of the Vulnerable Software and Affected Versions**
Cisco Web Security Appliance versions (affected versions not specified)
**Description**
The issue is related to the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software, which is affected by insufficient input validation. This could allow a remote attacker to bypass established web request policies and access blocked content on an affected device. The vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this by sending crafted URLs to be processed by an affected device, potentially allowing them to bypass the web proxy and access blocked web content.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.