CVE-2021-1425

CWE-2014 documents4 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 36.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Asyncos Cisco Cisco Secure Email AND WEB Manager

Timeline

PublishedNov 18

Description

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A succe…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/asyncos< 13.8.0

▶CVEListV5cisco/cisco_secure_email_and_web_managerN/A

🔴Vulnerability Details

CVEList

Cisco Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability↗2024-11-18

▶

GHSA

GHSA-92xx-rm6p-pfrg: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an a↗2024-11-18

▶

📋Vendor Advisories

Cisco

Cisco Content Security Management Appliance Information Disclosure Vulnerability↗2021-03-03

▶