Cisco Security Advisory - Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability

Started by Netwörkheäd, June 21, 2022, 06:13:13 PM


Netwörkheäd

Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device.

This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasma-info-dsc-Q9tLuOvM

Security Impact Rating: High

CVE: CVE-2022-20664
Source: Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability
Let's not argue. Let's network!
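
Added example, not part of the original post and not Cisco's code: the advisory attributes the flaw to missing input sanitization when querying the LDAP external authentication server. Assuming the query is an LDAP search filter built from user-supplied text (the advisory does not say so), this Python example shows RFC 4515 escaping keeping a constructed input from altering the filter's structure. The filter template, the attribute names and all function names are hypothetical.

```python
# Illustration of the bug class only; template and names are assumptions.

# RFC 4515 section 3: these characters must be hex-escaped inside a
# filter assertion value so the server treats them as literal data.
_RFC4515_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return value with every LDAP filter metacharacter escaped."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def unsafe_filter(username: str) -> str:
    """Weak form: user text is pasted into the filter unchanged."""
    return f"(&(objectClass=person)(uid={username}))"


def safe_filter(username: str) -> str:
    """Hardened form: bound the length, then escape before interpolating."""
    if not username or len(username) > 64:
        raise ValueError("username empty or too long")
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def skeleton(ldap_filter: str) -> str:
    """Keep only structural characters, to compare two filters' shapes."""
    return "".join(ch for ch in ldap_filter if ch in "()&|!*")


# Constructed sample inputs (not taken from the advisory).
BENIGN = "alice"
CRAFTED = "*)(cn=*"

if __name__ == "__main__":
    for name in (BENIGN, CRAFTED):
        print("unsafe:", unsafe_filter(name), skeleton(unsafe_filter(name)))
        print("safe:  ", safe_filter(name), skeleton(safe_filter(name)))
```

A filter built by the hardened function has the same skeleton for any input, which also makes a cheap regression check for code that builds directory queries.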