Details of VAR-202206-1232

ID

VAR-202206-1232

CVE

CVE-2022-20736

TITLE

Cisco AppDynamics Controller Software Vulnerability regarding lack of authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011607

DESCRIPTION

A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability. Cisco AppDynamics Controller Software Exists in a vulnerability related to the lack of authentication.Information may be obtained. Cisco AppDynamics Controller monitors and analyzes full-stack data through precise tracking and analysis across highly distributed application environments

Trust: 1.8

sources: NVD: CVE-2022-20736 // JVNDB: JVNDB-2022-011607 // VULHUB: VHN-405289 // VULMON: CVE-2022-20736

AFFECTED PRODUCTS

vendor:	cisco	model:	appdynamics controller	scope:	lt	version:	21.4.7	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco appdynamics controller	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco appdynamics controller	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011607 // NVD: CVE-2022-20736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20736
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20736
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20736
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202206-1536
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-405289
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-20736
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-20736
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405289
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20736
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20736
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405289 // VULMON: CVE-2022-20736 // JVNDB: JVNDB-2022-011607 // CNNVD: CNNVD-202206-1536 // NVD: CVE-2022-20736 // NVD: CVE-2022-20736

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.1
problemtype:	CWE-939	Trust: 1.0
problemtype:	Lack of authentication (CWE-862) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405289 // JVNDB: JVNDB-2022-011607 // NVD: CVE-2022-20736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1536

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-1536

PATCH

title:	cisco-sa-appd-contrl-athzn-bp-BLypgsbu	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu	Trust: 0.8
title:	Cisco AppDynamics Controller Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198124	Trust: 0.6
title:	Cisco: Cisco AppDynamics Controller Authorization Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-appd-contrl-athzn-bp-BLypgsbu	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20736 // JVNDB: JVNDB-2022-011607 // CNNVD: CNNVD-202206-1536

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20736	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-011607	Trust: 0.8
db:	CNNVD	id:	CNNVD-202206-1536	Trust: 0.7
db:	CNVD	id:	CNVD-2022-50632	Trust: 0.1
db:	VULHUB	id:	VHN-405289	Trust: 0.1
db:	VULMON	id:	CVE-2022-20736	Trust: 0.1

sources: VULHUB: VHN-405289 // VULMON: CVE-2022-20736 // JVNDB: JVNDB-2022-011607 // CNNVD: CNNVD-202206-1536 // NVD: CVE-2022-20736

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-appd-contrl-athzn-bp-blypgsbu	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20736	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20736/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/862.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405289 // VULMON: CVE-2022-20736 // JVNDB: JVNDB-2022-011607 // CNNVD: CNNVD-202206-1536 // NVD: CVE-2022-20736

SOURCES

db:	VULHUB	id:	VHN-405289
db:	VULMON	id:	CVE-2022-20736
db:	JVNDB	id:	JVNDB-2022-011607
db:	CNNVD	id:	CNNVD-202206-1536
db:	NVD	id:	CVE-2022-20736

LAST UPDATE DATE

2024-08-14T15:42:23.293000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405289	date:	2022-06-27T00:00:00
db:	VULMON	id:	CVE-2022-20736	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-011607	date:	2023-08-23T05:17:00
db:	CNNVD	id:	CNNVD-202206-1536	date:	2022-06-30T00:00:00
db:	NVD	id:	CVE-2022-20736	date:	2023-11-07T03:42:47.803

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405289	date:	2022-06-15T00:00:00
db:	VULMON	id:	CVE-2022-20736	date:	2022-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-011607	date:	2023-08-23T00:00:00
db:	CNNVD	id:	CNNVD-202206-1536	date:	2022-06-15T00:00:00
db:	NVD	id:	CVE-2022-20736	date:	2022-06-15T18:15:08.857