Cisco AsyncOS Software Vulnerability Could Allow Access to Sensitive Information
CVE-2021-1425

4.3 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 18 November 2024

Summary

A security vulnerability exists within the web-based management interface of Cisco AsyncOS Software for Content Security Management Appliances. This issue arises from sensitive information being transmitted in HTTP requests between the user and the device. An authenticated remote attacker could exploit this flaw by examining raw HTTP requests sent to the management interface, potentially leading to the unauthorized access of stored passwords and other confidential information. Cisco has addressed this concern with software updates, but no workarounds are available to mitigate the risk.

Affected Version(s)

Cisco Secure Email and Web Manager

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
