McAfee Skyhigh Secure Web Gateway up to 11.1.2 redirect

Summaryinfo

A vulnerability identified as problematic has been detected in McAfee Skyhigh Secure Web Gateway up to 7.8.2.30/8.2.26/9.2.19/10.2.8/11.1.2. The impacted element is an unknown function. Performing a manipulation results in redirect. This vulnerability is cataloged as CVE-2022-1254. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability was found in McAfee Skyhigh Secure Web Gateway up to 7.8.2.30/8.2.26/9.2.19/10.2.8/11.1.2 (Firewall Software). It has been classified as problematic. This affects some unknown functionality. The manipulation with an unknown input leads to a redirect vulnerability. CWE is classifying the issue as CWE-601. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. This is going to have an impact on confidentiality, and integrity.

The weakness was shared 04/20/2022. The advisory is shared at kc.mcafee.com. This vulnerability is uniquely identified as CVE-2022-1254 since 04/06/2022. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1204.001 for this issue.

Upgrading to version 7.8.2.31, 8.2.27, 9.2.20, 10.2.9 or 11.1.3 eliminates this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• McAfee

Name

• Skyhigh Secure Web Gateway

Version

• 7.8.2.0
• 7.8.2.1
• 7.8.2.2
• 7.8.2.3
• 7.8.2.4
• 7.8.2.5
• 7.8.2.6
• 7.8.2.7
• 7.8.2.8
• 7.8.2.9
• 7.8.2.10
• 7.8.2.11
• 7.8.2.12
• 7.8.2.13
• 7.8.2.14
• 7.8.2.15
• 7.8.2.16
• 7.8.2.17
• 7.8.2.18
• 7.8.2.19
• 7.8.2.20
• 7.8.2.21
• 7.8.2.22
• 7.8.2.23
• 7.8.2.24
• 7.8.2.25
• 7.8.2.26
• 7.8.2.27
• 7.8.2.28
• 7.8.2.29
• 7.8.2.30
• 8.2.0
• 8.2.1
• 8.2.2
• 8.2.3
• 8.2.4
• 8.2.5
• 8.2.6
• 8.2.7
• 8.2.8
• 8.2.9
• 8.2.10
• 8.2.11
• 8.2.12
• 8.2.13
• 8.2.14
• 8.2.15
• 8.2.16
• 8.2.17
• 8.2.18
• 8.2.19
• 8.2.20
• 8.2.21
• 8.2.22
• 8.2.23
• 8.2.24
• 8.2.25
• 8.2.26
• 9.2.0
• 9.2.1
• 9.2.2
• 9.2.3
• 9.2.4
• 9.2.5
• 9.2.6
• 9.2.7
• 9.2.8
• 9.2.9
• 9.2.10
• 9.2.11
• 9.2.12
• 9.2.13
• 9.2.14
• 9.2.15
• 9.2.16
• 9.2.17
• 9.2.18
• 9.2.19
• 10.2.0
• 10.2.1
• 10.2.2
• 10.2.3
• 10.2.4
• 10.2.5
• 10.2.6
• 10.2.7
• 10.2.8
• 11.1.0
• 11.1.1
• 11.1.2

License

• commercial

Website

• Vendor: https://www.mcafee.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion