Cisco Products Multiple Vulnerabilities

Impact

• Denial of Service
• Cross-Site Scripting
• Security Restriction Bypass

System / Technologies affected

• Email Security Appliance Cisco AsyncOS Version 14.0

• Secure Email and Web Manager Cisco AsyncOS Version 12.5 and earlier
• Secure Email and Web Manager Cisco AsyncOS Version 13.8.1
• Secure Email and Web Manager Cisco AsyncOS Version 14.0
• Secure Email and Web Manager Cisco AsyncOS Version 14.1
• Web Security Appliance Cisco AsyncOS Version 11.7
• Web Security Appliance Cisco AsyncOS Version 11.8
• Web Security Appliance Cisco AsyncOS Version 12.0
• Web Security Appliance Cisco AsyncOS Version 12.5
• Web Security Appliance Cisco AsyncOS Version 14.0
• Web Security Appliance Cisco AsyncOS Version 14.1 and earlier

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ESA-SNMP-JLAJksWK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-filter-bypass-XXXTU3X
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-stored-xss-XPsJghMY

Vulnerability Identifier

• CVE-2022-20675
• CVE-2022-20781
• CVE-2022-20784

Source

• AusCERT
• Cisco

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.1492
• https://www.auscert.org.au/bulletins/ESB-2022.1493
• https://www.auscert.org.au/bulletins/ESB-2022.1495
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ESA-SNMP-JLAJksWK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-filter-bypass-XXXTU3X
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-stored-xss-XPsJghMY