CVE-2022-20805

Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability

Severity Score

4.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sever Name Indication (SNI) extension of an HTTP request to discover the destination domain and determine if the request needs to be decrypted. An attacker could exploit this vulnerability by sending a crafted request over TLS from a client to an unknown or controlled URL. A successful exploit could allow an attacker to bypass the decryption process of Cisco Umbrella SWG and allow malicious content to be downloaded to a host on a protected network. There are workarounds that address this vulnerability.

Una vulnerabilidad en el proceso de descifrado automático en Cisco Umbrella Secure Web Gateway (SWG) podría permitir a un atacante autenticado y adyacente omitir el descifrado SSL y las políticas de filtrado de contenidos en un sistema afectado. Esta vulnerabilidad es debido a la forma en que la función de descifrado usa la extensión TLS Sever Name Indication (SNI) de una petición HTTP para detectar el dominio de destino y determinar si es necesario descifrar la petición. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición diseñada sobre TLS desde un cliente a una URL desconocida o controlada. Una explotación con éxito podría permitir a un atacante omitir el proceso de descifrado de Cisco Umbrella SWG y permitir una descarga de contenido malicioso a un host en una red protegida. Se presentan medidas de mitigación que abordan esta vulnerabilidad

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2021-11-02 CVE Reserved
2022-04-21 CVE Published
2023-11-12 EPSS Updated
2024-11-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-693: Protection Mechanism Failure

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uswg-fdbps-xtTRKpp6	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Umbrella Secure Web Gateway Search vendor "Cisco" for product "Umbrella Secure Web Gateway"				*		-		Affected