A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account.

According to its self-reported version, Cisco Secure Email and Web Manager is affected by multiple vulnerabilities. 

- an SQL injection vulnerability that could allow an authenticated, remote attacker to conduct SQL injection attacks   as root on an affected system. To exploit this vulnerability, an attacker would need to have the credentials of a   high-privileged user account. (CVE-2022-20867)

- a privilege escalation vulnerability that could allow an authenticated, remote attacker to elevate privileges   on an affected system. This vulnerability is due to the use of a hard-coded value to encrypt a token that is used   for certain API calls. An attacker could exploit this vulnerability by authenticating to an affected device and   sending a crafted HTTP request. (CVE-2022-20868)  

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, Cisco Secure Web Appliance is affected by a privilege escalation vulnerability thathat could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the use of a hard-coded value to encrypt a token that is used for certain API calls. An attacker could exploit this vulnerability by authenticating to an affected device and sending a crafted HTTP request.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, Cisco Email Security Appliance is affected by multiple vulnerabilities. 

  - an SQL injection vulnerability that could allow an authenticated, remote attacker to conduct SQL injection attacks     as root on an affected system. To exploit this vulnerability, an attacker would need to have the credentials of a     high-privileged user account. (CVE-2022-20867)

  - a privilege escalation vulnerability that could allow an authenticated, remote attacker to elevate privileges     on an affected system. This vulnerability is due to the use of a hard-coded value to encrypt a token that is used     for certain API calls. An attacker could exploit this vulnerability by authenticating to an affected device and     sending a crafted HTTP request. (CVE-2022-20868)  

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

ID	Name	Product	Family	Severity
166913	Cisco Secure Email and Web Manager Multiple Vulnerabilities (cisco-sa-esasmawsa-vulns-YRuSW5mD)	Nessus	CISCO	high
166912	Cisco Secure Web Appliance Privilege Escalation (cisco-sa-esasmawsa-vulns-YRuSW5mD)	Nessus	CISCO	high
166911	Cisco Email Security Appliance Multiple Vulnerabilities (cisco-sa-esasmawsa-vulns-YRuSW5mD)	Nessus	CISCO	high

Detections

Analytics

CVE-2022-20868

high

Tenable Plugins

high

high

high