CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20784

A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploit could allow the attacker to bypass the web proxy and access web content that has been blocked by policy.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.7%

CVSS Severity

CVSS v3 Score 5.8

CVSS v2 Score 5.0

References

Products affected by CVE-2022-20784

Cisco » Web Security Appliance » Version: 11.7.0

cpe:2.3:a:cisco:web_security_appliance:11.7.0
Cisco » Web Security Appliance » Version: 11.7.0-256

cpe:2.3:a:cisco:web_security_appliance:11.7.0-256
Cisco » Web Security Appliance » Version: 11.7.0-fcs-334

cpe:2.3:a:cisco:web_security_appliance:11.7.0-fcs-334
Cisco » Web Security Appliance » Version: 11.7.2-011

cpe:2.3:a:cisco:web_security_appliance:11.7.2-011
Cisco » Web Security Appliance » Version: 11.8.0

cpe:2.3:a:cisco:web_security_appliance:11.8.0
Cisco » Web Security Appliance » Version: 11.8.0-382

cpe:2.3:a:cisco:web_security_appliance:11.8.0-382
Cisco » Web Security Appliance » Version: 11.8.0-429

cpe:2.3:a:cisco:web_security_appliance:11.8.0-429
Cisco » Web Security Appliance » Version: 11.8.0-453

cpe:2.3:a:cisco:web_security_appliance:11.8.0-453
Cisco » Web Security Appliance » Version: 12.0

cpe:2.3:a:cisco:web_security_appliance:12.0
Cisco » Web Security Appliance » Version: 12.0.1-268

cpe:2.3:a:cisco:web_security_appliance:12.0.1-268
Cisco » Web Security Appliance » Version: 12.0.5-011

cpe:2.3:a:cisco:web_security_appliance:12.0.5-011
Cisco » Web Security Appliance » Version: 12.5

cpe:2.3:a:cisco:web_security_appliance:12.5
Cisco » Web Security Appliance » Version: 12.5.0-722

cpe:2.3:a:cisco:web_security_appliance:12.5.0-722
Cisco » Web Security Appliance » Version: 12.5.1-011

cpe:2.3:a:cisco:web_security_appliance:12.5.1-011
Cisco » Web Security Appliance » Version: 12.5.1-043

cpe:2.3:a:cisco:web_security_appliance:12.5.1-043
Cisco » Web Security Appliance » Version: 12.5.2-011

cpe:2.3:a:cisco:web_security_appliance:12.5.2-011
Cisco » Web Security Appliance » Version: 12.5.4-005

cpe:2.3:a:cisco:web_security_appliance:12.5.4-005
Cisco » Web Security Appliance » Version: 12.5.6

cpe:2.3:a:cisco:web_security_appliance:12.5.6
Cisco » Web Security Appliance » Version: 12.7.0-033

cpe:2.3:a:cisco:web_security_appliance:12.7.0-033
Cisco » Web Security Appliance » Version: 14.0

cpe:2.3:a:cisco:web_security_appliance:14.0
Cisco » Web Security Appliance » Version: 14.0.0

cpe:2.3:a:cisco:web_security_appliance:14.0.0
Cisco » Web Security Appliance » Version: 14.0.0-418

cpe:2.3:a:cisco:web_security_appliance:14.0.0-418
Cisco » Web Security Appliance » Version: 14.0.1-033

cpe:2.3:a:cisco:web_security_appliance:14.0.1-033
Cisco » Web Security Appliance » Version: 14.0.1-053

cpe:2.3:a:cisco:web_security_appliance:14.0.1-053
Cisco » Web Security Appliance » Version: N/A

cpe:2.3:h:cisco:web_security_appliance:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20784

Products

Pricing

Contact Us