CVE-2020-3122 — Improper Access Control in Cisco Ironport Security Management Appliance

CWE-284 — Improper Access Control4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 58.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Ironport Security Management Appliance Cisco Secure Email AND WEB Manager Cisco Asyncos

Timeline

PublishedMar 4

Description

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5cisco/cisco_ironport_security_management_applianceN/A

▶NVDcisco/asyncos11.0.0-128

▶CVEListV5cisco/cisco_secure_email_and_web_manager11.0.0(Ritz)-128

🔴Vulnerability Details

CVEList

Cisco Content Security Management Appliance Information Disclosure Vulnerability↗2025-03-04

▶

GHSA

GHSA-5j8p-9vxc-hp7x: A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenti↗2025-03-04

▶

💥Exploits & PoCs

Nuclei

NCR Command Center Agent 16.3 - Remote Command Execution

▶