CVE-2020-3447

CWE-532Log File Information Exposure4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 55.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Content Security Management ApplianceCisco Email Security ApplianceCisco Cisco Email Security Appliance (esa)
Timeline
PublishedAug 17
Latest updateMay 24

Description

A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive verbosity in certain log subscriptions. An attacker could exploit this vulnerability by accessing specific log files on an affected device. A successful exploit could allow the attacker to obtain sensitiv

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-pqcf-jf74-qjf4: A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance2022-05-24
CVEList
Cisco Email Security Appliance and Cisco Content Security Management Appliance Information Disclosure Vulnerability2020-08-17

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance and Cisco Content Security Management Appliance Information Disclosure Vulnerability2020-08-05
CVE-2020-3447 (MEDIUM CVSS 6.5) | A vulnerability in the CLI of Cisco | cvebase.io