Cyber Resilience

CVE-2022-20675

Medium

Published: 06 April 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0127 (79.9th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-20675 is a medium-severity Uncaught Exception (CWE-248) vulnerability in Cisco AsyncOS. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks in the top 20.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP) service, resulting in a denial of service (DoS) condition. This vulnerability is due to an open port listener on TCP port 199. An attacker could exploit this vulnerability by connecting to TCP port 199. A successful exploit could allow the attacker to crash the SNMP service, resulting in a DoS condition.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
asyncos
14.0 — 14.02.0-020 · 12.5 — 14.1.0-239 · 12.0 — 14.0.2-012

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-248

Prevents abrupt termination from uncaught exceptions by requiring a defined, preserved-state failure mode.

addresses: CWE-248

Requires pre-defined safe responses for uncaught exceptions so they do not result in undefined or insecure program termination.

References