
Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management Vulnerabilities

CVE numbers CVE-2022-20867 and CVE-2022-20868

Multiple vulnerabilities in the next-generation UI management interface for Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated attacker to elevate privileges or to conduct a SQL injection attack that runs as root on the affected system.

Affected Products

CVE-2022-20867 (SQL injection) affects Cisco ESA and Cisco Secure Email and Web Manager.

CVE-2022-20868 (privilege escalation) affects Cisco ESA, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance.

CVE-2022-20867: Cisco ESA and Cisco Secure Email and Web Manager Next Generation Management SQL Injection Vulnerability

A vulnerability in the next-generation UI management interface of Cisco ESA and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. To exploit this vulnerability, an attacker would need to have the credentials of a high-privileged user account.

This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVE-2022-20868: Cisco ESA, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management Privilege Escalation Vulnerability

A vulnerability in the next-generation UI management interface of Cisco ESA, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system.

This vulnerability is due to the use of a hard-coded value to encrypt a token that is used for certain API calls. An attacker could exploit this vulnerability by authenticating to an affected device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
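To show why a hard-coded value in a token scheme lets one user impersonate another, here is an added example that is not Cisco's code (the real token format is not public): the token is modelled as an HMAC-tagged string rather than an encrypted one, and the key constant, user names and clock value are all constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the advisory's "hard-coded value": a key baked into every
# build, so every installation accepts tokens made with it.
HARDCODED_KEY = b"example-constant-shipped-in-every-build"

def mint_token(key, user, now, ttl=900):
    """Token = user.expiry.mac, where the MAC covers user and expiry under `key`."""
    body = f"{user}.{now + ttl}"
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

def verify_token(key, token, now):
    """Return the user the token names if the MAC and expiry hold, else None."""
    try:
        user, exp, mac = token.rsplit(".", 2)
        expected = hmac.new(key, f"{user}.{exp}".encode(), hashlib.sha256).hexdigest()
        ok = hmac.compare_digest(mac, expected) and int(exp) >= now
        return user if ok else None
    except ValueError:  # malformed token
        return None

def provision_device_key():
    """Hardened design: each installation draws its own key at first boot and
    keeps it in device config, so the build-wide constant validates nothing."""
    return secrets.token_bytes(32)

def demo(now=1_700_000_000):
    """Contrast the two designs at a fixed clock so results are deterministic."""
    vulnerable_key = HARDCODED_KEY          # identical on every shipped device
    hardened_key = provision_device_key()   # unique to this installation
    # A token naming a different account, built with nothing but the shipped
    # constant: the vulnerable device accepts it, the hardened one does not.
    other_user = mint_token(HARDCODED_KEY, "admin", now)
    accepted_vulnerable = verify_token(vulnerable_key, other_user, now)
    accepted_hardened = verify_token(hardened_key, other_user, now)
    # Tokens under the device's own key still work, and expiry is still enforced.
    legit = verify_token(hardened_key, mint_token(hardened_key, "operator", now), now)
    expired = verify_token(hardened_key, mint_token(hardened_key, "operator", now, ttl=-1), now)
    return accepted_vulnerable, accepted_hardened, legit, expired
```

The fix is not a stronger algorithm but a key that is unique to each installation; the shared constant is what turns any holder of the firmware into a holder of every device's token key.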

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
