ID

VAR-202206-1232


CVE

CVE-2022-20736


TITLE

Cisco AppDynamics Controller Software Vulnerability regarding lack of authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011607

DESCRIPTION

A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability. Cisco AppDynamics Controller Software contains a vulnerability related to the lack of authentication. Information may be obtained. Cisco AppDynamics Controller monitors and analyzes full-stack data through precise tracking and analysis across highly distributed application environments.

Trust: 1.8

sources: NVD: CVE-2022-20736 // JVNDB: JVNDB-2022-011607 // VULHUB: VHN-405289 // VULMON: CVE-2022-20736

AFFECTED PRODUCTS

vendor: cisco, model: appdynamics controller, scope: lt, version: 21.4.7

Trust: 1.0

vendor: Cisco Systems, model: cisco appdynamics controller, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco appdynamics controller, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011607 // NVD: CVE-2022-20736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20736
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20736
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20736
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202206-1536
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405289
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20736
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20736
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405289
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20736
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2022-20736
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405289 // VULMON: CVE-2022-20736 // JVNDB: JVNDB-2022-011607 // CNNVD: CNNVD-202206-1536 // NVD: CVE-2022-20736 // NVD: CVE-2022-20736

PROBLEMTYPE DATA

problemtype: CWE-862

Trust: 1.1

problemtype: CWE-939

Trust: 1.0

problemtype: Lack of authentication (CWE-862) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405289 // JVNDB: JVNDB-2022-011607 // NVD: CVE-2022-20736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1536

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-1536

PATCH

title: cisco-sa-appd-contrl-athzn-bp-BLypgsbu, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu

Trust: 0.8

title: Cisco AppDynamics Controller Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198124

Trust: 0.6

title: Cisco: Cisco AppDynamics Controller Authorization Bypass Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-appd-contrl-athzn-bp-BLypgsbu

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20736 // JVNDB: JVNDB-2022-011607 // CNNVD: CNNVD-202206-1536

EXTERNAL IDS

db: NVD, id: CVE-2022-20736

Trust: 3.4

db: JVNDB, id: JVNDB-2022-011607

Trust: 0.8

db: CNNVD, id: CNNVD-202206-1536

Trust: 0.7

db: CNVD, id: CNVD-2022-50632

Trust: 0.1

db: VULHUB, id: VHN-405289

Trust: 0.1

db: VULMON, id: CVE-2022-20736

Trust: 0.1

sources: VULHUB: VHN-405289 // VULMON: CVE-2022-20736 // JVNDB: JVNDB-2022-011607 // CNNVD: CNNVD-202206-1536 // NVD: CVE-2022-20736

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-appd-contrl-athzn-bp-blypgsbu

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2022-20736

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-20736/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/862.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405289 // VULMON: CVE-2022-20736 // JVNDB: JVNDB-2022-011607 // CNNVD: CNNVD-202206-1536 // NVD: CVE-2022-20736

SOURCES

db: VULHUB, id: VHN-405289
db: VULMON, id: CVE-2022-20736
db: JVNDB, id: JVNDB-2022-011607
db: CNNVD, id: CNNVD-202206-1536
db: NVD, id: CVE-2022-20736

LAST UPDATE DATE

2024-08-14T15:42:23.293000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405289, date: 2022-06-27T00:00:00
db: VULMON, id: CVE-2022-20736, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2022-011607, date: 2023-08-23T05:17:00
db: CNNVD, id: CNNVD-202206-1536, date: 2022-06-30T00:00:00
db: NVD, id: CVE-2022-20736, date: 2023-11-07T03:42:47.803

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405289, date: 2022-06-15T00:00:00
db: VULMON, id: CVE-2022-20736, date: 2022-06-15T00:00:00
db: JVNDB, id: JVNDB-2022-011607, date: 2023-08-23T00:00:00
db: CNNVD, id: CNNVD-202206-1536, date: 2022-06-15T00:00:00
db: NVD, id: CVE-2022-20736, date: 2022-06-15T18:15:08.857