First published: Wed Apr 06 2022
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploit could allow the attacker to bypass the web proxy and access web content that has been blocked by policy.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Web Security Appliance | >=11.7.0 <14.0.2 | |
The vulnerability ID is CVE-2022-20784.
The affected software is Cisco Web Security Appliance (WSA) running AsyncOS Software.
The severity of CVE-2022-20784 is medium (5.3).
CVE-2022-20784 allows an unauthenticated, remote attacker to bypass web request policies and access blocked content on an affected Cisco Web Security Appliance.
Yes, Cisco has released a security advisory with mitigation details for this vulnerability. Please refer to the provided reference for more information.