Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2021-1516

Published: 06/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Subscribe to Content Security Management Appliance

Vulnerability Summary

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote malicious user to access sensitive information on an affected device. The vulnerability exists because confidential information is included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the malicious user to obtain some of the passwords that are configured throughout the interface.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco content_security_management_appliance -

cisco email_security_appliance -

cisco web_security_appliance -

cisco ironport web security appliance 13.6.2-023

cisco ironport web security appliance 14.0.0-090

cisco ironport web security appliance 14.0.0-133

cisco ironport web security appliance 14.0.0-292

cisco ironport web security appliance 14.0.0-300

Vendor Advisories

Cisco: Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device The vulnerability exists because conf ...

References

CWE-540https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-gY2AEz2Hhttps://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-gY2AEz2H
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook