Information Disclosure Vulnerability in Cisco Secure Email and Web Appliances
CVE-2025-20207

4.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Secure Email
Cisco Secure Email And Web Manager
Cisco Secure Web Appliance
Vendor
CVE Published:
5 February 2025

Badges

👾 Exploit Exists

Summary

A vulnerability in the Simple Network Management Protocol (SNMP) polling mechanism for certain Cisco appliances allows authenticated remote attackers to retrieve sensitive information regarding the underlying operating system. This issue arises because the appliances fail to adequately secure sensitive data when responding to SNMP polls. By crafting specific SNMP requests, an attacker with the appropriate SNMP credentials may exploit this flaw to gain unauthorized access to confidential information that should remain protected. Prompt mitigation is recommended to prevent potential data breaches.

Affected Version(s)

Cisco Secure Email 14.0.0-698

Cisco Secure Email 13.5.1-277

Cisco Secure Email 13.0.0-392

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.