6.5
CVE-2021-1425
- EPSS 0.14%
- Veröffentlicht 18.11.2024 16:15:10
- Zuletzt bearbeitet 11.08.2025 17:32:43
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Asyncos Version < 13.8.0
Cisco ≫ Content Security Management Appliance Smav M000v Version-
Cisco ≫ Content Security Management Appliance Smav M100v Version-
Cisco ≫ Content Security Management Appliance Smav M300v Version-
Cisco ≫ Content Security Management Appliance Smav M600v Version-
Cisco ≫ Content Security Management Appliance Sma M190 Version-
Cisco ≫ Content Security Management Appliance Sma M195 Version-
Cisco ≫ Content Security Management Appliance Sma M395 Version-
Cisco ≫ Content Security Management Appliance Sma M690 Version-
Cisco ≫ Content Security Management Appliance Sma M695 Version-
Cisco ≫ Content Security Management Appliance Smav M100v Version-
Cisco ≫ Content Security Management Appliance Smav M300v Version-
Cisco ≫ Content Security Management Appliance Smav M600v Version-
Cisco ≫ Content Security Management Appliance Sma M190 Version-
Cisco ≫ Content Security Management Appliance Sma M195 Version-
Cisco ≫ Content Security Management Appliance Sma M395 Version-
Cisco ≫ Content Security Management Appliance Sma M690 Version-
Cisco ≫ Content Security Management Appliance Sma M695 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.353 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| psirt@cisco.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-201 Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.