CVE-2022-20738

MEDIUM

Cisco Umbrella - Auth Bypass

Title source: llm

Description

A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload.

References (1)

[Mitigation, Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swg-fbyps-3z4qT7p

Scores

CVSS v3 5.8

EPSS 0.0127

EPSS Percentile 79.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Classification

CWE

CWE-693

Status published

Affected Products (1)

cisco/umbrella_secure_web_gateway

Timeline

Published Feb 10, 2022

Tracked Since Feb 18, 2026