Information Disclosure in Cisco Web, Email, and Content Security Appliances
CVE-2017-6783

4.3 MEDIUM

Summary

A vulnerability exists in the Cisco Web Security Appliance, Email Security Appliance, and Content Security Management Appliance due to insufficient protection of confidential information in response to SNMP poll requests. An authenticated attacker can exploit this issue by sending crafted SNMP poll requests to retrieve sensitive information that should be accessible only to administrative users. Exploitation requires knowledge of the configured SNMP community string. Successful exploitation can lead to further unauthorized reconnaissance. The affected versions include specific releases of Cisco's security appliances.

Affected Version(s)

Content Security Management Appliance (SMA) 10.1.0-037

Email Security Appliance (ESA) 9.7.2-065

Web Security Appliance (WSA) 10.0.0-230

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
