What is CVE-2022-1254?

CVE-2022-1254 is a URL redirection vulnerability in Skyhigh SWG that allows a remote attacker to redirect a user to a malicious website.

How severe is CVE-2022-1254?

CVE-2022-1254 has a severity rating of 6.1, which is considered medium.

How can an attacker exploit CVE-2022-1254?

An attacker can exploit CVE-2022-1254 by redirecting a user to a malicious website controlled by the attacker.

How can I fix CVE-2022-1254?

To fix CVE-2022-1254, update Skyhigh SWG to the latest version, which is 10.2.9 for main releases, 9.2.20 for 9.x releases, 8.2.27 for 8.x releases, 7.8.2.31 for 7.x releases, and 11.1.3 for controlled releases.

Vulnerability/
CVE-2022-1254

medium

6.1

CWE

601

20/4/2022

2/8/2024

CVE-2022-1254: SWG URL redirection vulnerability

Q: Which versions of Skyhigh SWG are affected by CVE-2022-1254?

Main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 of Skyhigh SWG are affected.

First published: Wed Apr 20 2022(Updated: )

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.

Credit: psirt@mcafee.com trellixpsirt@trellix.com

Affected Software	Affected Version	How to fix
McAfee Web Gateway	>=7.0.0<7.8.2.31
McAfee Web Gateway	>=8.0.0<8.2.27
McAfee Web Gateway	>=9.0.0<9.2.20
McAfee Web Gateway	>=10.0.0<10.2.9
McAfee Web Gateway	>=11.0.0<11.1.3

Remedy

https://kc.mcafee.com/corporate/index?page=content&id=SB10381

Never miss a vulnerability like this again

Reference Links

https://kc.mcafee.com/corporate/index?page=content&id=SB10381

Frequently Asked Questions

What is CVE-2022-1254?
CVE-2022-1254 is a URL redirection vulnerability in Skyhigh SWG that allows a remote attacker to redirect a user to a malicious website.
Which versions of Skyhigh SWG are affected by CVE-2022-1254?
Main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 of Skyhigh SWG are affected.
How severe is CVE-2022-1254?
CVE-2022-1254 has a severity rating of 6.1, which is considered medium.
How can an attacker exploit CVE-2022-1254?
An attacker can exploit CVE-2022-1254 by redirecting a user to a malicious website controlled by the attacker.
How can I fix CVE-2022-1254?
To fix CVE-2022-1254, update Skyhigh SWG to the latest version, which is 10.2.9 for main releases, 9.2.20 for 9.x releases, 8.2.27 for 8.x releases, 7.8.2.31 for 7.x releases, and 11.1.3 for controlled releases.

collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/title
agent/severity
agent/remedy
agent/weakness
agent/description
agent/event
agent/tags
agent/first-publish-date
vendor/mcafee
canonical/mcafee web gateway
version/mcafee web gateway/7.0.0
version/mcafee web gateway/8.0.0
version/mcafee web gateway/9.0.0
version/mcafee web gateway/10.0.0
version/mcafee web gateway/11.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.