CISCO-SA-ESA-WSA-SMA-INFO-RHP44VAC
History: Jan 20, 2021 - 4:00 p.m.

Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability

2021-01-20 16:00:00
tools.cisco.com
cisco
email security
content security
web security
information disclosure
vulnerability
authentication
api
remote attacker
configuration information
software update

EPSS

0.001

Percentile

49.3%

A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device.

The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker could exploit this vulnerability by sending a crafted request for information to the general purpose API on an affected device. A successful exploit could allow the attacker to obtain system and configuration information from the affected device, resulting in an unauthorized information disclosure.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-RHp44vAC

Affected configurations

Vulners
Node
cisco | web_security_appliance_\(wsa\) | Match any
OR
cisco | email_security_appliance | Match any
OR
cisco | content_security_management_appliance | Match any

Vendor | Product | Version | CPE
cisco | web_security_appliance_\(wsa\) | any | cpe:2.3:a:cisco:web_security_appliance_\(wsa\):any:*:*:*:*:*:*:*
cisco | email_security_appliance | any | cpe:2.3:h:cisco:email_security_appliance:any:*:*:*:*:*:*:*
cisco | content_security_management_appliance | any | cpe:2.3:h:cisco:content_security_management_appliance:any:*:*:*:*:*:*:*
