CVE-2020-3547Sensitive Information Exposure in Cisco Asyncos

CWE-200Sensitive Information ExposureCWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
6.5MEDIUMNVD
CNA4.3
EPSS
0.2%
top 61.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco AsyncosCisco WEB Security Appliance
Timeline
PublishedSep 4
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/asyncos13.5.1-277+2

🔴Vulnerability Details

2
GHSA
GHSA-5hr4-4h3v-pvc5: A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Manag2022-05-24
CVEList
Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability2020-09-04

📋Vendor Advisories

1
Cisco
Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability2020-09-02
CVE-2020-3547 — Sensitive Information Exposure in Cisco | cvebase