
Rewterz Threat Advisory – CVE-2022-20952 – Cisco AsyncOS Software for Cisco Secure Web Appliance Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-20952 

Cisco AsyncOS Software for Cisco Secure Web Appliance could allow a remote attacker to bypass security restrictions. The flaw is caused by improper detection of specially crafted, encoded traffic by the scanning engines. By connecting through an affected device to a malicious server and receiving specially crafted HTTP responses, an attacker could exploit this vulnerability to bypass an explicit block rule and receive traffic that should have been rejected by the device.

Impact

Security Bypass

Indicators Of Compromise

CVE

  • CVE-2022-20952

Affected Vendors

Cisco

Affected Products

Cisco AsyncOS for Secure Web Appliance

Remediation

Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.

Cisco Security Advisory