CVE-2021-1129
Severity
5.3 MEDIUM
EPSS
0.4%
top 41.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 20
Latest update: May 24
Description
A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 4 packages
Vulnerability Details (2)
GHSA
GHSA-36mf-q7m2-w6vp: A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Mana (2022-05-24)
CVEList
Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability (2021-01-20)
Vendor Advisories (1)
Cisco
Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability (2021-01-20)