ID

VAR-202204-0619


CVE

CVE-2022-20805


TITLE

Cisco Umbrella Encryption problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3903

DESCRIPTION

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Server Name Indication (SNI) extension of an HTTP request to discover the destination domain and determine if the request needs to be decrypted. An attacker could exploit this vulnerability by sending a crafted request over TLS from a client to an unknown or controlled URL. A successful exploit could allow an attacker to bypass the decryption process of Cisco Umbrella SWG and allow malicious content to be downloaded to a host on a protected network. There are workarounds that address this vulnerability. Cisco Umbrella is a cloud security platform from Cisco. The platform protects against cyber threats such as phishing, malware, and ransomware. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uswg-fdbps-xtTRKpp6

Trust: 1.08

sources: NVD: CVE-2022-20805 // VULHUB: VHN-405358 // VULMON: CVE-2022-20805

AFFECTED PRODUCTS

vendor: cisco, model: umbrella secure web gateway, scope: eq, version: *

Trust: 1.0

sources: NVD: CVE-2022-20805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20805
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20805
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202204-3903
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405358
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-20805
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-405358
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20805
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-405358 // CNNVD: CNNVD-202204-3903 // NVD: CVE-2022-20805 // NVD: CVE-2022-20805

PROBLEMTYPE DATA

problemtype:CWE-693

Trust: 1.0

problemtype:CWE-327

Trust: 1.0

sources: NVD: CVE-2022-20805

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3903

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-3903

PATCH

title: Cisco Umbrella Fixes for encryption problem vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=247259

Trust: 0.6

title: Cisco: Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-uswg-fdbps-xtTRKpp6

Trust: 0.1

sources: VULMON: CVE-2022-20805 // CNNVD: CNNVD-202204-3903

EXTERNAL IDS

db: NVD, id: CVE-2022-20805

Trust: 1.8

db: CS-HELP, id: SB2022042123

Trust: 0.6

db: CNNVD, id: CNNVD-202204-3903

Trust: 0.6

db: CNVD, id: CNVD-2022-46476

Trust: 0.1

db: VULHUB, id: VHN-405358

Trust: 0.1

db: VULMON, id: CVE-2022-20805

Trust: 0.1

sources: VULHUB: VHN-405358 // VULMON: CVE-2022-20805 // CNNVD: CNNVD-202204-3903 // NVD: CVE-2022-20805

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-uswg-fdbps-xttrkpp6

Trust: 2.4

url:https://cxsecurity.com/cveshow/cve-2022-20805/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042123

Trust: 0.6

sources: VULHUB: VHN-405358 // VULMON: CVE-2022-20805 // CNNVD: CNNVD-202204-3903 // NVD: CVE-2022-20805

SOURCES

db: VULHUB, id: VHN-405358
db: VULMON, id: CVE-2022-20805
db: CNNVD, id: CNNVD-202204-3903
db: NVD, id: CVE-2022-20805

LAST UPDATE DATE

2024-08-14T14:49:52.313000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405358, date: 2022-05-04T00:00:00
db: CNNVD, id: CNNVD-202204-3903, date: 2023-07-25T00:00:00
db: NVD, id: CVE-2022-20805, date: 2023-11-07T03:43:00.027

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405358, date: 2022-04-21T00:00:00
db: CNNVD, id: CNNVD-202204-3903, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2022-20805, date: 2022-04-21T19:15:08.847