PT-2022-5475 · Cisco · Cisco Secure Web Appliance+2

Published: 2022-11-02 · Updated: 2024-01-25 · CVE-2022-20868

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Email Security Appliance (affected versions not specified)
Cisco Secure Email and Web Manager (affected versions not specified)
Cisco Secure Web Appliance (affected versions not specified)

Description

The issue is related to the use of a hardcoded cryptographic key in the web-based management interface of the affected systems. This could allow an authenticated, remote attacker to elevate privileges on an affected system by sending a crafted HTTP request. The attacker needs valid credentials to exploit this vulnerability. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account.

Recommendations

For Cisco Email Security Appliance, consider disabling the jwt api impl function until a patch is available. For Cisco Secure Email and Web Manager, restrict access to the web-based management interface to minimize the risk of exploitation. For Cisco Secure Web Appliance, avoid using the hardcoded JWT secret in API calls until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2022-06804
CVE-2022-20868

Affected Products

Cisco Email Security Appliance
Cisco Secure Email/Web Manager
Cisco Secure Web Appliance