{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T06:21:15.755","vulnerabilities":[{"cve":{"id":"CVE-2022-20798","sourceIdentifier":"psirt@cisco.com","published":"2022-06-15T18:15:08.927","lastModified":"2024-11-21T06:43:34.657","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device."},{"lang":"es","value":"Una vulnerabilidad en la funcionalidad de autenticación externa de Cisco Secure Email and Web Manager, anteriormente conocido como Cisco Security Management Appliance (SMA), y Cisco Email Security Appliance (ESA) podría permitir a un atacante remoto no autenticado saltarse la autenticación e iniciar sesión en la interfaz de administración web de un dispositivo afectado. Esta vulnerabilidad es debido a la comprobación inapropiada de la autenticación cuando un dispositivo afectado usa el protocolo ligero de acceso a directorios (LDAP) para la autenticación externa. Un atacante podría explotar esta vulnerabilidad al introducir una entrada específica en la página de inicio de sesión del dispositivo afectado. Una explotación con éxito podría permitir al atacante conseguir acceso no autorizado a la interfaz de administración basada en la web del dispositivo afectado"}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:email_security_appliance:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.0.1-033","matchCriteriaId":"15A92F36-A447-4D75-8901-16BB26A07409"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:email_security_appliance:7.1.5:*:*:*:*:*:*:*","matchCriteriaId":"C08DF98F-D463-444A-9C99-3D9F598AD35D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.0.0-277","matchCriteriaId":"8C3C04CF-D46C-4946-BB05-39A7EAF30333"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.6","versionEndExcluding":"13.6.2-090","matchCriteriaId":"F6F1DD56-8E14-4F1E-8EEA-E954AEDD9BD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.8","versionEndExcluding":"13.8.1-090","matchCriteriaId":"E2A7803E-DC79-4383-8A8E-EE9092DC4D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.0.0-418","matchCriteriaId":"10D68CC9-4286-4926-B2D1-877BED8E0DDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1","versionEndExcluding":"14.1.0-250","matchCriteriaId":"7A80FC65-5A33-48DC-8B2C-8131024D4D05"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}