ID

VAR-202207-1759


CVE

CVE-2022-2310


TITLE

Authentication bypass by spoofing vulnerability in Skyhigh Security Secure Web Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2022-013876

DESCRIPTION

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG. Skyhigh Security Secure Web Gateway contains an authentication bypass by spoofing vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may be caused.

Trust: 1.8

sources: NVD: CVE-2022-2310 // JVNDB: JVNDB-2022-013876 // VULHUB: VHN-430231 // VULMON: CVE-2022-2310

AFFECTED PRODUCTS

vendor: skyhighsecurity, model: secure web gateway, scope: gte, version: 11.0.0

Trust: 1.0

vendor: skyhighsecurity, model: secure web gateway, scope: lt, version: 9.2.23

Trust: 1.0

vendor: skyhighsecurity, model: secure web gateway, scope: gte, version: 10.0.0

Trust: 1.0

vendor: skyhighsecurity, model: secure web gateway, scope: lt, version: 11.2.1

Trust: 1.0

vendor: skyhighsecurity, model: secure web gateway, scope: gte, version: 8.0.0

Trust: 1.0

vendor: skyhighsecurity, model: secure web gateway, scope: lt, version: 10.2.12

Trust: 1.0

vendor: skyhighsecurity, model: secure web gateway, scope: lt, version: 8.2.28

Trust: 1.0

vendor: skyhighsecurity, model: secure web gateway, scope: gte, version: 9.0.0

Trust: 1.0

vendor: skyhighsecurity, model: secure web gateway, scope: eq, version: 11.0.0 or later, prior to 11.2.1

Trust: 0.8

vendor: skyhighsecurity, model: secure web gateway, scope: eq, version: 10.0.0 or later, prior to 10.2.12

Trust: 0.8

vendor: skyhighsecurity, model: secure web gateway, scope: eq, version: 8.0.0 or later, prior to 8.2.28

Trust: 0.8

vendor: skyhighsecurity, model: secure web gateway, scope: eq, version: -

Trust: 0.8

vendor: skyhighsecurity, model: secure web gateway, scope: eq, version: 9.0.0 or later, prior to 9.2.23

Trust: 0.8

vendor: skyhighsecurity, model: secure web gateway, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-013876 // NVD: CVE-2022-2310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-2310
value: CRITICAL

Trust: 1.0

trellixpsirt@trellix.com: CVE-2022-2310
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-2310
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202207-2406
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-2310
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

trellixpsirt@trellix.com: CVE-2022-2310
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-2310
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-013876 // CNNVD: CNNVD-202207-2406 // NVD: CVE-2022-2310 // NVD: CVE-2022-2310

PROBLEMTYPE DATA

problemtype: CWE-290

Trust: 1.1

problemtype: Authentication Bypass by Spoofing (CWE-290) [Other]

Trust: 0.8

sources: VULHUB: VHN-430231 // JVNDB: JVNDB-2022-013876 // NVD: CVE-2022-2310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2406

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-2406

EXTERNAL IDS

db: NVD, id: CVE-2022-2310

Trust: 3.4

db: MCAFEE, id: SB10384

Trust: 0.9

db: JVNDB, id: JVNDB-2022-013876

Trust: 0.8

db: CNNVD, id: CNNVD-202207-2406

Trust: 0.6

db: VULHUB, id: VHN-430231

Trust: 0.1

db: VULMON, id: CVE-2022-2310

Trust: 0.1

sources: VULHUB: VHN-430231 // VULMON: CVE-2022-2310 // JVNDB: JVNDB-2022-013876 // CNNVD: CNNVD-202207-2406 // NVD: CVE-2022-2310

REFERENCES

url:https://kcm.trellix.com/corporate/index?page=content&id=sb10384&actp=null&viewlocale=en_us&showdraft=false&platinum_status=false&locale=en_us

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-2310

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-2310/

Trust: 0.6

url:https://vigilance.fr/vulnerability/skyhigh-secure-web-gateway-two-vulnerabilities-38917

Trust: 0.6

url:https://kcm.trellix.com/corporate/index?page=content&id=sb10384&actp=null&viewlocale=en_us&showdraft=false&platinum_status=false&locale=en_us

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/290.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-430231 // VULMON: CVE-2022-2310 // JVNDB: JVNDB-2022-013876 // CNNVD: CNNVD-202207-2406 // NVD: CVE-2022-2310

SOURCES

db: VULHUB, id: VHN-430231
db: VULMON, id: CVE-2022-2310
db: JVNDB, id: JVNDB-2022-013876
db: CNNVD, id: CNNVD-202207-2406
db: NVD, id: CVE-2022-2310

LAST UPDATE DATE

2024-08-14T15:37:29.993000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-430231, date: 2022-08-02T00:00:00
db: VULMON, id: CVE-2022-2310, date: 2022-07-27T00:00:00
db: JVNDB, id: JVNDB-2022-013876, date: 2023-09-12T08:20:00
db: CNNVD, id: CNNVD-202207-2406, date: 2022-08-10T00:00:00
db: NVD, id: CVE-2022-2310, date: 2023-11-15T19:22:53.120

SOURCES RELEASE DATE

db: VULHUB, id: VHN-430231, date: 2022-07-27T00:00:00
db: VULMON, id: CVE-2022-2310, date: 2022-07-27T00:00:00
db: JVNDB, id: JVNDB-2022-013876, date: 2023-09-12T00:00:00
db: CNNVD, id: CNNVD-202207-2406, date: 2022-07-26T00:00:00
db: NVD, id: CVE-2022-2310, date: 2022-07-27T10:15:08.280