Cisco Security Advisory - Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability

Started by Netwörkheäd, March 30, 2022, 06:10:46 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Netwörkheäd

March 30, 2022, 06:10:46 AM
Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability

<p>A vulnerability in the web-based management interface of Cisco&nbsp;AsyncOS Software for Cisco&nbsp;Content Security Management Appliance (SMA) and Cisco&nbsp;Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device.</p>
<p>The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface.</p>
<p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP" target="_blank" rel="noopener">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP</a></p>

     
         
Security Impact Rating:  Medium
   
   
       
CVE: CVE-2020-3547
Source: Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability
Let's not argue. Let's network!
Print
Go Up Pages1
User actions