CVE-2022-20952

Name of the Vulnerable Software and Affected Versions Cisco Secure Web Appliance versions (affected versions not specified)

Description The issue is related to insufficient input validation in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance. This could allow a remote attacker to bypass security restrictions by exploiting the vulnerability. The vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this by connecting through an affected device to a malicious server and receiving malformed HTTP responses, potentially allowing traffic onto a network that should have been blocked.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.