Details of VAR-202204-0619

ID

VAR-202204-0619

CVE

CVE-2022-20805

TITLE

Cisco Umbrella Encryption problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3903

DESCRIPTION

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sever Name Indication (SNI) extension of an HTTP request to discover the destination domain and determine if the request needs to be decrypted. An attacker could exploit this vulnerability by sending a crafted request over TLS from a client to an unknown or controlled URL. A successful exploit could allow an attacker to bypass the decryption process of Cisco Umbrella SWG and allow malicious content to be downloaded to a host on a protected network. There are workarounds that address this vulnerability. Cisco Umbrella is a cloud security platform of Cisco (Cisco). The platform protects against cyber threats such as phishing, malware, and ransomware. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uswg-fdbps-xtTRKpp6

Trust: 1.08

sources: NVD: CVE-2022-20805 // VULHUB: VHN-405358 // VULMON: CVE-2022-20805

AFFECTED PRODUCTS

vendor:

cisco

model:

umbrella secure web gateway

scope:

version:

Trust: 1.0

sources: NVD: CVE-2022-20805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20805
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20805
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202204-3903
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-405358
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-20805
severity:	LOW
baseScore:	2.7
vectorString:	AV:A/AC:L/AU:S/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	5.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-405358
severity:	LOW
baseScore:	2.7
vectorString:	AV:A/AC:L/AU:S/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	5.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20805
baseSeverity:	MEDIUM
baseScore:	4.1
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	1.4
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-405358 // CNNVD: CNNVD-202204-3903 // NVD: CVE-2022-20805 // NVD: CVE-2022-20805

PROBLEMTYPE DATA

problemtype:	CWE-693	Trust: 1.0
problemtype:	CWE-327	Trust: 1.0

sources: NVD: CVE-2022-20805

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3903

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-3903

PATCH

title:	Cisco Umbrella Fixes for encryption problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=247259	Trust: 0.6
title:	Cisco: Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-uswg-fdbps-xtTRKpp6	Trust: 0.1

sources: VULMON: CVE-2022-20805 // CNNVD: CNNVD-202204-3903

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20805	Trust: 1.8
db:	CS-HELP	id:	SB2022042123	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3903	Trust: 0.6
db:	CNVD	id:	CNVD-2022-46476	Trust: 0.1
db:	VULHUB	id:	VHN-405358	Trust: 0.1
db:	VULMON	id:	CVE-2022-20805	Trust: 0.1

sources: VULHUB: VHN-405358 // VULMON: CVE-2022-20805 // CNNVD: CNNVD-202204-3903 // NVD: CVE-2022-20805

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-uswg-fdbps-xttrkpp6	Trust: 2.4
url:	https://cxsecurity.com/cveshow/cve-2022-20805/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042123	Trust: 0.6

sources: VULHUB: VHN-405358 // VULMON: CVE-2022-20805 // CNNVD: CNNVD-202204-3903 // NVD: CVE-2022-20805

SOURCES

db:	VULHUB	id:	VHN-405358
db:	VULMON	id:	CVE-2022-20805
db:	CNNVD	id:	CNNVD-202204-3903
db:	NVD	id:	CVE-2022-20805

LAST UPDATE DATE

2024-08-14T14:49:52.313000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405358	date:	2022-05-04T00:00:00
db:	CNNVD	id:	CNNVD-202204-3903	date:	2023-07-25T00:00:00
db:	NVD	id:	CVE-2022-20805	date:	2023-11-07T03:43:00.027

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405358	date:	2022-04-21T00:00:00
db:	CNNVD	id:	CNNVD-202204-3903	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2022-20805	date:	2022-04-21T19:15:08.847