CVE-2022-20772
CVE-2022-20772 is a medium-severity vulnerability rated 5.3 out of 10 on the CVSS v3.1 scale. A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. EPSS estimates a 0.55% chance of exploitation in the next 30 days.
Description
A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses.
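The weakness behind this advisory is the classic HTTP response splitting (CRLF injection) pattern: an untrusted value reaches a response header without CR/LF characters being rejected, so the value can terminate the header line and append headers or a body of its own. The following Python is an added illustration of that weakness class and its fix; it is not Cisco's code and not from the advisory, and it assumes a hypothetical application that copies a request-supplied `location` value into a `Location` header. The injected input is constructed for the demonstration.

```python
"""Added example: header-value validation that prevents HTTP response
splitting (CRLF injection). Illustrative code only; it assumes a generic
application that reflects a request parameter into a response header and
is not Cisco's implementation."""
import re

# RFC 7230 forbids CR, LF and NUL inside a header field value; a value
# containing any of them can end the header line it was placed in.
_FORBIDDEN = re.compile(r"[\r\n\x00]")

# Constructed sample input: a redirect target carrying an embedded CRLF
# followed by a header the application never intended to send.
INJECTED = "https://example.test/\r\nSet-Cookie: sid=injected"
CLEAN = "https://example.test/path?q=1"


class HeaderInjectionError(ValueError):
    """Raised when a header value would break out of its header line."""


def is_safe_header_value(value: str) -> bool:
    """True when the value cannot terminate or split a header line."""
    return _FORBIDDEN.search(value) is None


def unsafe_build_response(location: str) -> bytes:
    """Vulnerable pattern: untrusted value copied into the header verbatim."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def safe_build_response(location: str) -> bytes:
    """Hardened pattern: refuse the value instead of emitting a malformed response."""
    if not is_safe_header_value(location):
        raise HeaderInjectionError("CR/LF or NUL in header value")
    return unsafe_build_response(location)


def header_names(raw: bytes) -> list[str]:
    """Return the header field names a downstream parser would see in `raw`."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")[1:]  # drop the status line
    return [line.split(b":", 1)[0].decode("latin-1") for line in lines if b":" in line]


def safe_builder_rejects(value: str) -> bool:
    """True when the hardened builder refuses `value`."""
    try:
        safe_build_response(value)
    except HeaderInjectionError:
        return True
    return False


if __name__ == "__main__":
    # The vulnerable builder lets the injected Set-Cookie header through;
    # the hardened builder raises before any bytes are produced.
    print(header_names(unsafe_build_response(INJECTED)))
    print(header_names(safe_build_response(CLEAN)))
    print(safe_builder_rejects(INJECTED))
```

Rejecting the request is the right default for a header value; percent-encoding or stripping CR/LF is an alternative when the value must be preserved, but silently rewriting it can mask an ongoing injection attempt that should instead be logged. The same check belongs on every header the application derives from request data, not only on `Location`.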
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Email Security Appliance Firmware | >= 13.5.1, < 14.0.3-015 |
| Cisco | Email Security Appliance Firmware | >= 14.1, < 14.2.1-015 |
| Cisco | Email Security Appliance Firmware | >= 14.3, < 14.3.0-023 |
| Cisco | Secure Email And Web Manager Firmware | >= 14.2, < 14.2.0-217 |
| Cisco | Secure Email And Web Manager Firmware | >= 14.3, < 14.3.0-115 |
Source: NVD / NIST
