Cisco AsyncOS Software Vulnerability Could Allow Access to Sensitive Information
CVE-2021-1425
4.3MEDIUM
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 18 November 2024
What is CVE-2021-1425?
A security vulnerability exists within the web-based management interface of Cisco AsyncOS Software for Content Security Management Appliances. This issue arises from sensitive information being transmitted in HTTP requests between the user and the device. An authenticated remote attacker could exploit this flaw by examining raw HTTP requests sent to the management interface, potentially leading to the unauthorized access of stored passwords and other confidential information. Cisco has addressed this concern with software updates, but no workarounds are available to mitigate the risk.
Affected Version(s)
Cisco Secure Email and Web Manager