Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-SMA-ESA-AUTH-BYPASS-66KECXQD
HistoryJun 15, 2022 - 4:00 p.m.

Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability

2022-06-1516:00:00
tools.cisco.com
16

0.004 Low

EPSS

Percentile

72.4%

JSON

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device.

This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD”]

Affected configurations

Vulners
Node
ciscoemail_security_applianceMatchany
OR
ciscocontent_security_management_appliance_sma_m190Matchany
OR
ciscoemail_security_applianceMatchany
OR
ciscocontent_security_management_appliance_sma_m190Matchany

Related

cve 1
cvelist 1
nessus 2
cnvd 1
prion 1
nvd 1
thn 1
cve
cve
CVE-2022-20798
2022-06-15 18:15:08
cvelist
cvelist
CVE-2022-20798 Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability
2022-06-15 00:00:00
nessus
nessus
Cisco Secure Email and Web Manager External Authentication Bypass (cisco-sa-sma-esa-auth-bypass-66kEcxQD)
2022-07-27 00:00:00
Cisco Email Security Appliance External Authentication Bypass (cisco-sa-sma-esa-auth-bypass-66kEcxQD)
2022-07-27 00:00:00
cnvd
cnvd
Cisco multiple product licensing issues vulnerabilities
2022-06-17 00:00:00
prion
prion
Authentication flaw
2022-06-15 18:15:00
nvd
nvd
CVE-2022-20798
2022-06-15 18:15:08
thn
thn
Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication
2022-06-16 03:28:00

0.004 Low

EPSS

Percentile

72.4%

JSON
Related for CISCO-SA-SMA-ESA-AUTH-BYPASS-66KECXQD
cve1cvelist1nessus2cnvd1prion1nvd1thn1