CVE-2022-20805

Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability

Description

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sever Name Indication (SNI) extension of an HTTP request to discover the destination domain and determine if the request needs to be decrypted. An attacker could exploit this vulnerability by sending a crafted request over TLS from a client to an unknown or controlled URL. A successful exploit could allow an attacker to bypass the decryption process of Cisco Umbrella SWG and allow malicious content to be downloaded to a host on a protected network. There are workarounds that address this vulnerability.

References

Link	Tags
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uswg-fdbps-xtTRKpp6	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-20805?: CVE-2022-20805 has been scored as a medium severity vulnerability.
How to fix CVE-2022-20805?: To fix CVE-2022-20805, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-20805 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-20805 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-20805?: CVE-2022-20805 affects Cisco Cisco Umbrella Insights Virtual Appliance.

Description

Categories

CWE-693 – Protection Mechanism Failure

CWE-327 – Use of a Broken or Risky Cryptographic Algorithm

References

Frequently Asked Questions