CVE-2022-20805

Published: Apr 21, 2022

Modified: Nov 6, 2024

PUBLISHED

CVSS v3.1

4.1

MEDIUM

Description

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sever Name Indication (SNI) extension of an HTTP request to discover the destination domain and determine if the request needs to be decrypted. An attacker could exploit this vulnerability by sending a crafted request over TLS from a client to an unknown or controlled URL. A successful exploit could allow an attacker to bypass the decryption process of Cisco Umbrella SWG and allow malicious content to be downloaded to a host on a protected network. There are workarounds that address this vulnerability.

Vendor	Product	Versions
Cisco	Cisco Umbrella Insights Virtual Appliance	affected `n/a`

Weaknesses (CWE)

CWE-693

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

References

20220420 Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability

vendor-advisory

x_refsource_CISCO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-20805

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References