A vulnerability has been found in Trellix Skyhigh SWG up to 8.2.27/9.2.22/10.2.11/11.2.0 and classified as critical. Affected by this vulnerability is some unknown processing of the component Administration User Interface. The manipulation with an unknown input leads to a authentication spoofing vulnerability. The CWE definition for the vulnerability is CWE-290. This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG.

The weakness was released 07/27/2022. The advisory is shared at kcm.trellix.com. This vulnerability is known as CVE-2022-2310 since 07/05/2022. Neither technical details nor an exploit are publicly available.

Upgrading to version 8.2.28, 9.2.23, 10.2.12 or 11.2.1 eliminates this vulnerability.

Productinfo

Vendor

• Trellix

Name

• Skyhigh SWG

License

• commercial

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion