PT-2022-15842 · McAfee · Skyhigh SWG

Published: 2022-07-27 · Updated: 2023-11-15 · CVE-2022-2310

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Skyhigh SWG versions 8.x through 8.2.27
Skyhigh SWG versions 9.x through 9.2.22
Skyhigh SWG versions 10.x through 10.2.11
Skyhigh SWG versions 11.x through 11.2.0

Description

The issue allows a remote attacker to bypass authentication into the administration user interface. This is possible because SWG incorrectly whitelists authentication bypass methods and uses a weak crypto password. The attacker can log into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG.

Recommendations

For Skyhigh SWG versions 8.x through 8.2.27, update to version 8.2.28 or later.
For Skyhigh SWG versions 9.x through 9.2.22, update to version 9.2.23 or later.
For Skyhigh SWG versions 10.x through 10.2.11, update to version 10.2.12 or later.
For Skyhigh SWG versions 11.x through 11.2.0, update to version 11.2.1 or later.

Fix

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

CVE-2022-2310

Affected Products

Skyhigh SWG