What is CVE-2022-20664?

CVE-2022-20664 is a high-severity vulnerability in Cisco Email Security Appliance (Esa), classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 7.7/10. Published 2022-06-15.

How severe is CVE-2022-20664?

High severity. CVSS v3 base score is 7.7 out of 10.

Vulnerability in Cisco Email Security Appliance (Esa)

CVE-2022-20664

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve s…

EPSS: 0.004 (59.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

Cisco Email Security Appliance (Esa) — versions n/a

Weakness classification (CWE)

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere

References

20220615 Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2022-20664?: CVE-2022-20664 is a high-severity vulnerability in Cisco Email Security Appliance (Esa), classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 7.7/10. Published 2022-06-15.
How severe is CVE-2022-20664?: High severity. CVSS v3 base score is 7.7 out of 10.