What is CVE-2022-20798?

CVE-2022-20798 is a critical-severity vulnerability in Cisco Email Security Appliance (Esa), classified under Improper Authentication. CVSS score: 9.8/10. Published 2022-06-15.

How severe is CVE-2022-20798?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Cisco Email Security Appliance (Esa)

CVE-2022-20798

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remot…

Vulnerability class: Broken Authentication

EPSS: 0.013 (80.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Email Security Appliance (Esa) — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

20220615 Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2022-20798?: CVE-2022-20798 is a critical-severity vulnerability in Cisco Email Security Appliance (Esa), classified under Improper Authentication. CVSS score: 9.8/10. Published 2022-06-15.
How severe is CVE-2022-20798?: Critical severity. CVSS v3 base score is 9.8 out of 10.