{"id": "CVE-2022-20664", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "published": "2022-06-15T18:15:08.690", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasma-info-dsc-Q9tLuOvM", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": 
[{"lang": "en", "value": "CWE-497"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco Secure Email and Web Manager, anteriormente Cisco Security Management Appliance (SMA), y Cisco Email Security Appliance (ESA) podr\u00eda permitir a un atacante remoto autenticado recuperar informaci\u00f3n confidencial de un servidor de autenticaci\u00f3n externa Lightweight Directory Access Protocol (LDAP) conectado a un dispositivo afectado. Esta vulnerabilidad es debido a una falta de saneo de entrada apropiado mientras es consultado el servidor de autenticaci\u00f3n externo. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una consulta dise\u00f1ada mediante una p\u00e1gina web de autenticaci\u00f3n externa. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante conseguir acceso a informaci\u00f3n confidencial, incluyendo credenciales de usuario del servidor de autenticaci\u00f3n externa. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda credenciales v\u00e1lidas a nivel de operador (o superior)"}], "lastModified": "2023-11-07T03:42:33.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:email_security_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EB25A0C-F9B4-4FDF-B901-B60EE2D82AFC", "versionEndExcluding": "14.0.2-020"}, {"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86CF760A-B9CF-411D-9FF8-F2A4DD4C0EDF", "versionEndExcluding": "13.6.2-090"}, {"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7063B0F3-C6BD-4F53-9066-CEFB539BC36D", "versionEndExcluding": "14.1.0-227", "versionStartIncluding": "14.1"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}