How severe is CVE-2022-20713?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2022-20713?

This is classified as CWE-444, which is a common weakness in software security.

CVE-2022-20713

MEDIUM Year: 2022

CVSS v3 Score

6.1

Medium

Weakness Type

CWE-444

View all →

Vulnerability Description

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of input that is passed to the VPN web client services component before being returned to the browser that is in use. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious requests to a device that is running Cisco ASA Software or Cisco FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting attacks. The attacker could not directly impact the affected device.

CVE-2017-7559

MEDIUM

CVSS:6.1(Medium)

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in th...

CWE-4442017

CVE-2018-7068

MEDIUM

CVSS:6.1(Medium)

HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.

CWE-4442018

CVE-2020-7655

MEDIUM

CVSS:6.1(Medium)

netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could al...

CWE-4442020

CVE-2020-7658

MEDIUM

CVSS:6.1(Medium)

meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header par...

CWE-4442020

CVE-2019-19326

MEDIUM

CVSS:5.9(Medium)

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Origin...

CWE-4442019

CVE-2021-21295

MEDIUM

CVSS:5.9(Medium)

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2...

CWE-4442021

CVE-2022-20713

Vulnerability Description

Related Vulnerabilities

CVE-2017-7559

CVE-2018-7068

CVE-2020-7655

CVE-2020-7658

CVE-2019-19326

CVE-2021-21295