Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2021-1129
HistoryJan 20, 2021 - 8:15 p.m.

CVE-2021-1129

2021-01-2020:15:13
CWE-201
cisco
web.nvd.nist.gov
52
3
cve-2021-1129
authentication vulnerability
cisco
email security
content security
web security
appliance
remote attacker
information disclosure
api

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON

A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker could exploit this vulnerability by sending a crafted request for information to the general purpose API on an affected device. A successful exploit could allow the attacker to obtain system and configuration information from the affected device, resulting in an unauthorized information disclosure.

Affected configurations

Nvd
Node
ciscocontent_security_management_applianceMatch12.5.0
OR
ciscoemail_security_applianceMatch13.0.0
OR
ciscoweb_security_applianceMatch11.8.0
VendorProductVersionCPE
ciscocontent_security_management_appliance12.5.0cpe:2.3:a:cisco:content_security_management_appliance:12.5.0:*:*:*:*:*:*:*
ciscoemail_security_appliance13.0.0cpe:2.3:a:cisco:email_security_appliance:13.0.0:*:*:*:*:*:*:*
ciscoweb_security_appliance11.8.0cpe:2.3:a:cisco:web_security_appliance:11.8.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Web Security Appliance (WSA)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Social References

More

Related

prion 1
nessus 3
cvelist 1
cisco 1
nvd 1
prion
prion
Information disclosure
2021-01-20 20:15:00
nessus
nessus
Cisco Content Security Management Appliance Information Disclosure (cisco-sa-esa-wsa-sma-info-RHp44vAC)
2021-01-29 00:00:00
Cisco Email Security Appliance Information Disclosure (cisco-sa-esa-wsa-sma-info-RHp44vAC)
2021-01-29 00:00:00
Cisco Web Security Appliance Information Disclosure (cisco-sa-esa-wsa-sma-info-RHp44vAC)
2021-01-29 00:00:00
cvelist
cvelist
CVE-2021-1129 Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability
2021-01-20 19:35:17
cisco
cisco
Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability
2021-01-20 16:00:00
nvd
nvd
CVE-2021-1129
2021-01-20 20:15:13

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON
Related for CVE-2021-1129
prion1nessus3cvelist1cisco1nvd1