PT-2022-5476 · Cisco · Cisco Secure Email/Web Manager+1

Published: 2022-11-02 · Updated: 2024-01-25 · CVE-2022-20867

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Email Security Appliance (affected versions not specified)
Cisco Secure Email and Web Manager (affected versions not specified)

Description

A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This issue is due to improper validation of user-submitted parameters, such as username and password. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system, potentially to API endpoints like "/api/v1/login" or "/users/{id}". A successful exploit could allow the attacker to obtain data or modify data stored in the underlying database of the affected system.

Recommendations

For Cisco Email Security Appliance, update to a version that includes a fix for this issue. For Cisco Secure Email and Web Manager, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Restrict access to high-privileged user accounts to reduce the potential impact of this vulnerability.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2022-06805
CVE-2022-20867

Affected Products

Cisco Email Security Appliance
Cisco Secure Email/Web Manager