CVE-2022-20675

A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP) service, resulting in a denial of service (DoS) condition. This vulnerability is due to an open port listener on TCP port 199. An attacker could exploit this vulnerability by connecting to TCP port 199. A successful exploit could allow the attacker to crash the SNMP service, resulting in a DoS condition.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*

History

14 Apr 2022, 15:20

Type Values Removed Values Added
CPE cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager:-:*:*:*:*:*:*:*
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ESA-SNMP-JLAJksWK - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ESA-SNMP-JLAJksWK - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3
CWE NVD-CWE-noinfo

06 Apr 2022, 19:22

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-06 19:15

Updated : 2024-02-04 22:29


NVD link : CVE-2022-20675

Mitre link : CVE-2022-20675

CVE.ORG link : CVE-2022-20675


JSON object : View

Products Affected

cisco

  • secure_email_and_web_manager
  • web_security_appliance
  • asyncos
  • email_security_appliance
CWE
NVD-CWE-noinfo CWE-248

Uncaught Exception