CVE-2025-20207

CWE-200Information Exposure4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 73.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Cisco Secure EmailCisco Cisco Secure Email AND WEB ManagerCisco Cisco Secure WEB Appliance
Timeline
PublishedFeb 5

Description

A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating system. This vulnerability exists because the appliances do not protect confidential information at rest in response to SNMP poll requests. An attacker could exploit this vulnerability by sending a crafted SNMP poll req

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5cisco/cisco_secure_email12 versions+11
CVEListV5cisco/cisco_secure_web_appliance49 versions+48

🔴Vulnerability Details

2
CVEList
Cisco Secure Email Gateway, Cisco Secure Email and Web Appliance and Cisco Secure Web Appliance SNMP Polling Information Disclosure Vulnerability2025-02-05
GHSA
GHSA-w3cf-qcr3-6ppg: A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Sec2025-02-05

📋Vendor Advisories

1
Cisco
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability2025-02-05
CVE-2025-20207 (MEDIUM CVSS 4.3) | A vulnerability in Simple Network M | cvebase.io