PT-2022-2305 · Cisco · Cisco Umbrella Secure Web Gateway

Yosi Magor

Published

2022-02-02

Updated

2022-02-17

CVE-2022-20738

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cisco Umbrella Secure Web Gateway (affected versions not specified)

Description A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature due to insufficient restrictions. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods, potentially allowing them to bypass file inspection protections and download a malicious payload.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693

Related Identifiers

BDU:2022-02491

CVE-2022-20738

Affected Products

Cisco Umbrella Secure Web Gateway

PT-2022-2305 · Cisco · Cisco Umbrella Secure Web Gateway

CVE-2022-20738

Weakness Enumeration

Related Identifiers

Affected Products

References · 5