Cisco Secure Email: Hardcoded Token Key Allows Priv Escalation
CVE-2022-20868 Published on November 4, 2022

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account.

NVD

Vulnerability Analysis

CVE-2022-20868 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Weakness Type

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

Products Associated with CVE-2022-20868

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-20868 are published in Cisco Email Security Appliance:

Cisco Email Security Appliance

Affected Versions

Cisco Secure Web Appliance:

Version 11.8.0-414 is affected.
Version 11.8.1-023 is affected.
Version 11.8.3-018 is affected.
Version 11.8.3-021 is affected.
Version 12.0.1-268 is affected.
Version 12.0.3-007 is affected.
Version 12.5.2-007 is affected.
Version 12.5.1-011 is affected.
Version 12.5.4-005 is affected.
Version 14.5.0-498 is affected.
Version 14.0.2-012 is affected.

Cisco Secure Email:

Version 13.0.0-392 is affected.
Version 13.5.1-277 is affected.
Version 14.0.0-698 is affected.
Version 14.2.0-620 is affected.

Cisco Secure Email and Web Manager:

Version 12.0.0-452 is affected.
Version 12.0.1-011 is affected.
Version 12.5.0-636 is affected.
Version 12.5.0-658 is affected.
Version 12.5.0-678 is affected.
Version 12.5.0-670 is affected.
Version 13.0.0-277 is affected.
Version 13.6.2-078 is affected.
Version 13.8.1-068 is affected.
Version 13.8.1-074 is affected.
Version 12.8.1-002 is affected.
Version 14.0.0-404 is affected.
Version 14.1.0-223 is affected.
Version 14.1.0-227 is affected.

Exploit Probability

EPSS

0.29%

Percentile

52.07%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.