CVE-2022-20784

Name of the Vulnerable Software and Affected Versions Cisco Web Security Appliance versions (affected versions not specified)

Description The issue is related to the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software, which is affected by insufficient input validation. This could allow a remote attacker to bypass established web request policies and access blocked content on an affected device. The vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this by sending crafted URLs to be processed by an affected device, potentially allowing them to bypass the web proxy and access blocked web content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.