
Severity
Medium
Analysis Summary
CVE-2022-20952
Cisco AsyncOS Software for Cisco Secure Web Appliance could allow a remote attacker to bypass security restrictions, caused by improper detection of specially crafted, encoded traffic by the scanning engines. By connecting through an affected device to a malicious server and receiving specially crafted HTTP responses, an attacker could exploit this vulnerability to bypass an explicit block rule and receive traffic that should have been rejected by the device.
Impact
Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-20952
Affected Vendors
Cisco
Affected Products
Cisco AsyncOS for Secure Web Appliance
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.