PT-2022-5478 · Cisco · Cisco Email Security Appliance, Cisco Secure Email/Web Manager

Published

2022-11-02

·

Updated

2024-01-25

·

CVE-2022-20772

CVSS v3.1

5.3

Medium

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager (affected versions not specified)
Description The vulnerability is caused by insufficient input validation: the affected software copies attacker-supplied input into HTTP response headers without neutralizing carriage return and line feed (CRLF) sequences. An unauthenticated, remote attacker can therefore send a request whose parameter value contains CRLF sequences and conduct an HTTP response splitting attack: inject arbitrary headers into the response, control part of the response body, or terminate the first response early and append a second, attacker-crafted response. The CVSS vector records only a limited integrity impact (I:L, no confidentiality or availability impact); the practical consequences of a split response, such as poisoning an intermediary cache or delivering attacker-controlled content to other users of the interface, depend on the deployment.
Recommendations Apply the fixed software release that Cisco publishes for CVE-2022-20772 (see the Cisco Security Advisory for the CVE); at the moment, this page has no information about a newer version that contains a fix. Until a patched release is installed, restrict network access to the affected web interface to trusted management networks, and monitor requests to it for CR and LF characters, raw or percent-encoded as %0d and %0a, in parameters that are reflected into response headers. Note that there is no configuration switch that "disables" CRLF processing in HTTP headers: the root cause is the application failing to reject or encode CR and LF in values it writes into headers, so only a vendor fix removes the vulnerability.
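The following is an added example, not Cisco code and not taken from the advisory: a hypothetical redirect handler that reflects a request parameter into the Location header without neutralizing CR/LF (the bug class described above), the hardened version that rejects such values (the developer-side fix the recommendations refer to), and a minimal Content-Length-framed response parser that shows how a client or cache would see two responses where one was sent. The payload and the handler names are constructed for illustration.

```python
"""HTTP response splitting via CRLF in a reflected header value.

Added example, not Cisco code: a toy response builder that reflects a
request parameter into the Location header, the hardened version, and a
small response parser that shows how a client would see the split.
"""
from typing import Callable, Dict, List, Tuple

CRLF = "\r\n"

Response = Tuple[str, Dict[str, str], str]  # status line, headers, body


def build_redirect_vulnerable(location: str) -> str:
    """Reflects `location` into a header with no CR/LF neutralization.

    Hypothetical handler illustrating the bug class in the advisory;
    it is not the vulnerable Cisco code.
    """
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + location + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def build_redirect_hardened(location: str) -> str:
    """Same response, but any CR or LF in the value is rejected outright.

    Rejecting (rather than silently stripping) keeps the attempt visible
    in logs and avoids partial-sanitization mistakes such as removing
    only "\\r\\n" while leaving a lone "\\n".
    """
    if "\r" in location or "\n" in location:
        raise ValueError("CR/LF not permitted in HTTP header value")
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + location + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def parse_responses(raw: str) -> List[Response]:
    """Minimal HTTP/1.1 response parser using Content-Length framing.

    It consumes as many complete responses as the byte stream contains,
    which is exactly how a second, attacker-authored response becomes
    visible to a client or an intermediary cache.
    """
    responses: List[Response] = []
    rest = raw
    while rest.startswith("HTTP/"):
        end = rest.find(CRLF + CRLF)
        if end < 0:
            break
        head, rest = rest[:end], rest[end + 4:]
        lines = head.split(CRLF)
        status = lines[0]
        headers: Dict[str, str] = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body, rest = rest[:length], rest[length:]
        responses.append((status, headers, body))
        rest = rest.lstrip("\r\n")  # skip leftover bytes between responses
    return responses


# Constructed payload: a harmless-looking path followed by CRLF sequences
# that close the first response and start a second, attacker-controlled one.
INJECTED_BODY = "<h1>injected</h1>"
PAYLOAD = (
    "/home" + CRLF
    + "Content-Length: 0" + CRLF
    + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + f"Content-Length: {len(INJECTED_BODY)}" + CRLF
    + CRLF
    + INJECTED_BODY
)


def count_responses(builder: Callable[[str], str], value: str) -> int:
    """How many responses a client sees for one request: 1 is safe, 2 is split."""
    return len(parse_responses(builder(value)))


def rejects_crlf(builder: Callable[[str], str], value: str) -> bool:
    """True if the builder refuses the value instead of reflecting it."""
    try:
        builder(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable responses:", count_responses(build_redirect_vulnerable, PAYLOAD))
    print("hardened rejects payload:", rejects_crlf(build_redirect_hardened, PAYLOAD))
    print("hardened, clean value:", count_responses(build_redirect_hardened, "/home"))
```

The same check that `rejects_crlf` performs is what to look for when reviewing a patch for this class of bug: every value written into a header must either be rejected or have CR and LF encoded, and the check has to cover a lone LF as well as the CRLF pair, because many HTTP parsers accept a bare LF as a line terminator.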

Weakness Enumeration

Special Elements Injection

Related Identifiers

BDU:2022-06807
CVE-2022-20772

Affected Products

Cisco Email Security Appliance
Cisco Secure Email/Web Manager