Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20170816-CSA
HistoryAug 16, 2017 - 4:00 p.m.

Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability

2017-08-1616:00:00
tools.cisco.com
11

0.001 Low

EPSS

Percentile

50.4%

JSON

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user.

The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa”]

Affected configurations

Vulners
Node
ciscoweb_security_appliance_\(wsa\)Matchany
OR
ciscoironport_email_security_applianceMatchany
OR
ciscocontent_security_management_virtual_applianceMatchany
OR
ciscoweb_security_appliance_\(wsa\)Matchany
OR
ciscoironport_email_security_applianceMatchany
OR
ciscocontent_security_management_virtual_applianceMatchany

Related

prion 1
cvelist 1
openvas 3
nvd 1
cve 1
prion
prion
Design/Logic Flaw
2017-08-17 20:29:00
cvelist
cvelist
CVE-2017-6783
2017-08-16 00:00:00
openvas
openvas
Cisco Email Security Appliance SNMP Polling Information Disclosure Vulnerability
2017-08-17 00:00:00
Cisco Content Security Management Appliance SNMP Polling Information Disclosure Vulnerability
2017-08-17 00:00:00
Cisco Web Security Appliance SNMP Polling Information Disclosure Vulnerability
2017-08-17 00:00:00
nvd
nvd
CVE-2017-6783
2017-08-17 20:29:00
cve
cve
CVE-2017-6783
2017-08-17 20:29:00

0.001 Low

EPSS

Percentile

50.4%

JSON
Related for CISCO-SA-20170816-CSA
prion1cvelist1openvas3nvd1cve1