Lucene search

[email protected]NVD:CVE-2021-1129

HistoryJan 20, 2021 - 8:15 p.m.

CVE-2021-1129

2021-01-2020:15:13

CWE-201

[email protected]

web.nvd.nist.gov

cisco

email security appliance

content security management

web security appliance

vulnerability

unauthenticated

remote attacker

system information

configuration information

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON

A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker could exploit this vulnerability by sending a crafted request for information to the general purpose API on an affected device. A successful exploit could allow the attacker to obtain system and configuration information from the affected device, resulting in an unauthorized information disclosure.

Affected configurations

Nvd

Node

ciscocontent_security_management_applianceMatch12.5.0

ciscoemail_security_applianceMatch13.0.0

ciscoweb_security_applianceMatch11.8.0

VendorProductVersionCPE
ciscocontent_security_management_appliance12.5.0cpe:2.3:a:cisco:content_security_management_appliance:12.5.0:*:*:*:*:*:*:*
ciscoemail_security_appliance13.0.0cpe:2.3:a:cisco:email_security_appliance:13.0.0:*:*:*:*:*:*:*
ciscoweb_security_appliance11.8.0cpe:2.3:a:cisco:web_security_appliance:11.8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	content_security_management_appliance	12.5.0	cpe:2.3:a:cisco:content_security_management_appliance:12.5.0:::::::*
cisco	email_security_appliance	13.0.0	cpe:2.3:a:cisco:email_security_appliance:13.0.0:::::::*
cisco	web_security_appliance	11.8.0	cpe:2.3:a:cisco:web_security_appliance:11.8.0:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-RHp44vAC

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON

Related for NVD:CVE-2021-1129

prion1 cve1 nessus3 cvelist1 cisco1