cisco-sa-esa-wsa-sma-info-gY2AEz2H: Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability
First published: Wed May 05 2021(Updated: )
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-gY2AEz2H
Credit: This vulnerability was found by Rakshith Rajanna Cisco during internal security testing
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AsyncOS | ||
| Cisco Content Security Management Virtual Appliance | ||
| Cisco Email Security Appliance Firmware | ||
| Cisco Web Security Appliance |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-esa-wsa-sma-info-gY2AEz2H?
The severity of cisco-sa-esa-wsa-sma-info-gY2AEz2H is considered high due to the potential for unauthorized access to sensitive information.
How do I fix cisco-sa-esa-wsa-sma-info-gY2AEz2H?
To fix cisco-sa-esa-wsa-sma-info-gY2AEz2H, upgrade to the latest version of the affected Cisco AsyncOS software.
Who is affected by cisco-sa-esa-wsa-sma-info-gY2AEz2H?
Organizations using Cisco AsyncOS Software for Email Security Appliance, Web Security Appliance, or Content Security Management Appliance are affected by cisco-sa-esa-wsa-sma-info-gY2AEz2H.
What is the nature of the vulnerability in cisco-sa-esa-wsa-sma-info-gY2AEz2H?
The vulnerability in cisco-sa-esa-wsa-sma-info-gY2AEz2H allows an authenticated remote attacker to access sensitive information via the web management interface.
Are there any workarounds for cisco-sa-esa-wsa-sma-info-gY2AEz2H?
Currently, there are no official workarounds for mitigating the risks associated with cisco-sa-esa-wsa-sma-info-gY2AEz2H other than applying the software update.
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/weakness
- agent/author
- agent/severity
- agent/title
- agent/references
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco asyncos
- canonical/cisco content security management virtual appliance
- canonical/cisco email security appliance firmware
- canonical/cisco web security appliance