Cisco AsyncOS Software Vulnerability Could Allow Access to Sensitive Information
CVE-2021-1425

4.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Secure Email And Web Manager
Vendor
CVE Published:
18 November 2024

Summary

A security vulnerability exists within the web-based management interface of Cisco AsyncOS Software for Content Security Management Appliances. This issue arises from sensitive information being transmitted in HTTP requests between the user and the device. An authenticated remote attacker could exploit this flaw by examining raw HTTP requests sent to the management interface, potentially leading to the unauthorized access of stored passwords and other confidential information. Cisco has addressed this concern with software updates, but no workarounds are available to mitigate the risk.

Affected Version(s)

Cisco Secure Email and Web Manager

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-1425 : Cisco AsyncOS Software Vulnerability Could Allow Access to Sensitive Information | SecurityVulnerability.io