Vulnerability Description
A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses.
CVSS Score
4.7 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Email Security Appliance Firmware | >= 13.5.1, < 14.0.3-015 |
| Cisco | Email Security Appliance | - |
| Cisco | Secure Email And Web Manager Firmware | >= 14.2, < 14.2.0-217 |
| Cisco | Secure Email And Web Manager | - |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci
FAQ
What is CVE-2022-20772?
CVE-2022-20772 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vul...
How severe is CVE-2022-20772?
CVE-2022-20772 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-20772?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Email Security Appliance Firmware, Cisco Email Security Appliance, Cisco Secure Email And Web Manager Firmware, Cisco Secure Email And Web Manager.