CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20664

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.9%

CVSS Severity

CVSS v3 Score 7.7

CVSS v2 Score 3.5

References

Products affected by CVE-2022-20664

Cisco » Email Security Appliance » Version: N/A

cpe:2.3:a:cisco:email_security_appliance:-
Cisco » Email Security Appliance » Version: 10.0.0-203

cpe:2.3:a:cisco:email_security_appliance:10.0.0-203
Cisco » Email Security Appliance » Version: 10.0.0-232

cpe:2.3:a:cisco:email_security_appliance:10.0.0-232
Cisco » Email Security Appliance » Version: 10.1.0-049

cpe:2.3:a:cisco:email_security_appliance:10.1.0-049
Cisco » Email Security Appliance » Version: 11.0.1-hp5-602

cpe:2.3:a:cisco:email_security_appliance:11.0.1-hp5-602
Cisco » Email Security Appliance » Version: 11.1.0-131

cpe:2.3:a:cisco:email_security_appliance:11.1.0-131
Cisco » Email Security Appliance » Version: 11.1.0-404

cpe:2.3:a:cisco:email_security_appliance:11.1.0-404
Cisco » Email Security Appliance » Version: 11.1.2

cpe:2.3:a:cisco:email_security_appliance:11.1.2
Cisco » Email Security Appliance » Version: 11.1.2-023

cpe:2.3:a:cisco:email_security_appliance:11.1.2-023
Cisco » Email Security Appliance » Version: 11.1.8-076

cpe:2.3:a:cisco:email_security_appliance:11.1.8-076
Cisco » Email Security Appliance » Version: 12.0.0

cpe:2.3:a:cisco:email_security_appliance:12.0.0
Cisco » Email Security Appliance » Version: 12.0.0-208

cpe:2.3:a:cisco:email_security_appliance:12.0.0-208
Cisco » Email Security Appliance » Version: 12.0.0-419

cpe:2.3:a:cisco:email_security_appliance:12.0.0-419
Cisco » Email Security Appliance » Version: 12.5.0

cpe:2.3:a:cisco:email_security_appliance:12.5.0
Cisco » Email Security Appliance » Version: 12.5.0-066

cpe:2.3:a:cisco:email_security_appliance:12.5.0-066
Cisco » Email Security Appliance » Version: 12.5.1-031

cpe:2.3:a:cisco:email_security_appliance:12.5.1-031
Cisco » Email Security Appliance » Version: 12.5.1-037

cpe:2.3:a:cisco:email_security_appliance:12.5.1-037
Cisco » Email Security Appliance » Version: 12.5.3-041

cpe:2.3:a:cisco:email_security_appliance:12.5.3-041
Cisco » Email Security Appliance » Version: 13.0

cpe:2.3:a:cisco:email_security_appliance:13.0
Cisco » Email Security Appliance » Version: 13.0.0

cpe:2.3:a:cisco:email_security_appliance:13.0.0
Cisco » Email Security Appliance » Version: 13.0.0-226

cpe:2.3:a:cisco:email_security_appliance:13.0.0-226
Cisco » Email Security Appliance » Version: 13.0.0-311

cpe:2.3:a:cisco:email_security_appliance:13.0.0-311
Cisco » Email Security Appliance » Version: 13.0.0-314

cpe:2.3:a:cisco:email_security_appliance:13.0.0-314
Cisco » Email Security Appliance » Version: 13.0.0-375

cpe:2.3:a:cisco:email_security_appliance:13.0.0-375
Cisco » Email Security Appliance » Version: 13.0.0-392

cpe:2.3:a:cisco:email_security_appliance:13.0.0-392
Cisco » Email Security Appliance » Version: 13.0.1

cpe:2.3:a:cisco:email_security_appliance:13.0.1
Cisco » Email Security Appliance » Version: 13.0.5-007

cpe:2.3:a:cisco:email_security_appliance:13.0.5-007
Cisco » Email Security Appliance » Version: 13.5.0

cpe:2.3:a:cisco:email_security_appliance:13.5.0
Cisco » Email Security Appliance » Version: 13.5.1

cpe:2.3:a:cisco:email_security_appliance:13.5.1
Cisco » Email Security Appliance » Version: 13.5.4-038

cpe:2.3:a:cisco:email_security_appliance:13.5.4-038
Cisco » Email Security Appliance » Version: 14.0.0

cpe:2.3:a:cisco:email_security_appliance:14.0.0
Cisco » Email Security Appliance » Version: 7.1.0

cpe:2.3:a:cisco:email_security_appliance:7.1.0
Cisco » Email Security Appliance » Version: 7.1.1

cpe:2.3:a:cisco:email_security_appliance:7.1.1
Cisco » Email Security Appliance » Version: 7.1.2

cpe:2.3:a:cisco:email_security_appliance:7.1.2
Cisco » Email Security Appliance » Version: 7.1.3

cpe:2.3:a:cisco:email_security_appliance:7.1.3
Cisco » Email Security Appliance » Version: 7.1.4

cpe:2.3:a:cisco:email_security_appliance:7.1.4
Cisco » Email Security Appliance » Version: 7.1.5

cpe:2.3:a:cisco:email_security_appliance:7.1.5
Cisco » Email Security Appliance » Version: 7.3.0

cpe:2.3:a:cisco:email_security_appliance:7.3.0
Cisco » Email Security Appliance » Version: 7.3.1

cpe:2.3:a:cisco:email_security_appliance:7.3.1
Cisco » Email Security Appliance » Version: 7.3.2

cpe:2.3:a:cisco:email_security_appliance:7.3.2
Cisco » Email Security Appliance » Version: 7.5.0

cpe:2.3:a:cisco:email_security_appliance:7.5.0
Cisco » Email Security Appliance » Version: 7.5.1

cpe:2.3:a:cisco:email_security_appliance:7.5.1
Cisco » Email Security Appliance » Version: 7.5.2

cpe:2.3:a:cisco:email_security_appliance:7.5.2
Cisco » Email Security Appliance » Version: 7.5.2-201

cpe:2.3:a:cisco:email_security_appliance:7.5.2-201
Cisco » Email Security Appliance » Version: 7.5.2-hp2-303

cpe:2.3:a:cisco:email_security_appliance:7.5.2-hp2-303
Cisco » Email Security Appliance » Version: 7.6.0

cpe:2.3:a:cisco:email_security_appliance:7.6.0
Cisco » Email Security Appliance » Version: 7.6.1-000

cpe:2.3:a:cisco:email_security_appliance:7.6.1-000
Cisco » Email Security Appliance » Version: 7.6.1-gpl-022

cpe:2.3:a:cisco:email_security_appliance:7.6.1-gpl-022
Cisco » Email Security Appliance » Version: 7.6.2

cpe:2.3:a:cisco:email_security_appliance:7.6.2
Cisco » Email Security Appliance » Version: 7.6.3-000

cpe:2.3:a:cisco:email_security_appliance:7.6.3-000
Cisco » Email Security Appliance » Version: 7.6.3-025

cpe:2.3:a:cisco:email_security_appliance:7.6.3-025
Cisco » Email Security Appliance » Version: 7.7.0-000

cpe:2.3:a:cisco:email_security_appliance:7.7.0-000
Cisco » Email Security Appliance » Version: 7.7.1-000

cpe:2.3:a:cisco:email_security_appliance:7.7.1-000
Cisco » Email Security Appliance » Version: 7.8.0

cpe:2.3:a:cisco:email_security_appliance:7.8.0
Cisco » Email Security Appliance » Version: 7.8.0-311

cpe:2.3:a:cisco:email_security_appliance:7.8.0-311
Cisco » Email Security Appliance » Version: 8.0.1-023

cpe:2.3:a:cisco:email_security_appliance:8.0.1-023
Cisco » Email Security Appliance » Version: 8.0_base

cpe:2.3:a:cisco:email_security_appliance:8.0_base
Cisco » Email Security Appliance » Version: 8.5.0-000

cpe:2.3:a:cisco:email_security_appliance:8.5.0-000
Cisco » Email Security Appliance » Version: 8.5.0-er1-198

cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198
Cisco » Email Security Appliance » Version: 8.5.1-021

cpe:2.3:a:cisco:email_security_appliance:8.5.1-021
Cisco » Email Security Appliance » Version: 8.5.6-052

cpe:2.3:a:cisco:email_security_appliance:8.5.6-052
Cisco » Email Security Appliance » Version: 8.5.6-073

cpe:2.3:a:cisco:email_security_appliance:8.5.6-073
Cisco » Email Security Appliance » Version: 8.5.6-074

cpe:2.3:a:cisco:email_security_appliance:8.5.6-074
Cisco » Email Security Appliance » Version: 8.5.6-106

cpe:2.3:a:cisco:email_security_appliance:8.5.6-106
Cisco » Email Security Appliance » Version: 8.5.6-113

cpe:2.3:a:cisco:email_security_appliance:8.5.6-113
Cisco » Email Security Appliance » Version: 8.5.7-042

cpe:2.3:a:cisco:email_security_appliance:8.5.7-042
Cisco » Email Security Appliance » Version: 8.6.0

cpe:2.3:a:cisco:email_security_appliance:8.6.0
Cisco » Email Security Appliance » Version: 8.6.0-011

cpe:2.3:a:cisco:email_security_appliance:8.6.0-011
Cisco » Email Security Appliance » Version: 8.9.0

cpe:2.3:a:cisco:email_security_appliance:8.9.0
Cisco » Email Security Appliance » Version: 8.9.1-000

cpe:2.3:a:cisco:email_security_appliance:8.9.1-000
Cisco » Email Security Appliance » Version: 8.9.2-032

cpe:2.3:a:cisco:email_security_appliance:8.9.2-032
Cisco » Email Security Appliance » Version: 9.0.0

cpe:2.3:a:cisco:email_security_appliance:9.0.0
Cisco » Email Security Appliance » Version: 9.0.0-212

cpe:2.3:a:cisco:email_security_appliance:9.0.0-212
Cisco » Email Security Appliance » Version: 9.0.0-461

cpe:2.3:a:cisco:email_security_appliance:9.0.0-461
Cisco » Email Security Appliance » Version: 9.0.5-000

cpe:2.3:a:cisco:email_security_appliance:9.0.5-000
Cisco » Email Security Appliance » Version: 9.1.0

cpe:2.3:a:cisco:email_security_appliance:9.1.0
Cisco » Email Security Appliance » Version: 9.1.0-011

cpe:2.3:a:cisco:email_security_appliance:9.1.0-011
Cisco » Email Security Appliance » Version: 9.1.0-032

cpe:2.3:a:cisco:email_security_appliance:9.1.0-032
Cisco » Email Security Appliance » Version: 9.1.0-101

cpe:2.3:a:cisco:email_security_appliance:9.1.0-101
Cisco » Email Security Appliance » Version: 9.1.1-000

cpe:2.3:a:cisco:email_security_appliance:9.1.1-000
Cisco » Email Security Appliance » Version: 9.1.1-036

cpe:2.3:a:cisco:email_security_appliance:9.1.1-036
Cisco » Email Security Appliance » Version: 9.4.0

cpe:2.3:a:cisco:email_security_appliance:9.4.0
Cisco » Email Security Appliance » Version: 9.4.4-000

cpe:2.3:a:cisco:email_security_appliance:9.4.4-000
Cisco » Email Security Appliance » Version: 9.5.0-000

cpe:2.3:a:cisco:email_security_appliance:9.5.0-000
Cisco » Email Security Appliance » Version: 9.5.0-201

cpe:2.3:a:cisco:email_security_appliance:9.5.0-201
Cisco » Email Security Appliance » Version: 9.6.0-000

cpe:2.3:a:cisco:email_security_appliance:9.6.0-000
Cisco » Email Security Appliance » Version: 9.6.0-042

cpe:2.3:a:cisco:email_security_appliance:9.6.0-042
Cisco » Email Security Appliance » Version: 9.6.0-051

cpe:2.3:a:cisco:email_security_appliance:9.6.0-051
Cisco » Email Security Appliance » Version: 9.7.0-125

cpe:2.3:a:cisco:email_security_appliance:9.7.0-125
Cisco » Email Security Appliance » Version: 9.7.1-066

cpe:2.3:a:cisco:email_security_appliance:9.7.1-066
Cisco » Email Security Appliance » Version: 9.7.1-hp2-207

cpe:2.3:a:cisco:email_security_appliance:9.7.1-hp2-207
Cisco » Email Security Appliance » Version: 9.7.2-065

cpe:2.3:a:cisco:email_security_appliance:9.7.2-065
Cisco » Email Security Appliance » Version: 9.8.5-085

cpe:2.3:a:cisco:email_security_appliance:9.8.5-085
Cisco » Email Security Appliance » Version: 9.9.6-026

cpe:2.3:a:cisco:email_security_appliance:9.9.6-026
Cisco » Email Security Appliance » Version: 9.9_base

cpe:2.3:a:cisco:email_security_appliance:9.9_base
Cisco » Secure Email And Web Manager » Version: N/A

cpe:2.3:a:cisco:secure_email_and_web_manager:-
Cisco » Secure Email And Web Manager » Version: 12.0.0

cpe:2.3:a:cisco:secure_email_and_web_manager:12.0.0
Cisco » Secure Email And Web Manager » Version: 12.5.0

cpe:2.3:a:cisco:secure_email_and_web_manager:12.5.0
Cisco » Secure Email And Web Manager » Version: 12.8.1-021

cpe:2.3:a:cisco:secure_email_and_web_manager:12.8.1-021
Cisco » Secure Email And Web Manager » Version: 14.1.0

cpe:2.3:a:cisco:secure_email_and_web_manager:14.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20664

Products

Pricing

Contact Us