Cisco Bug: CSCvr92383 - Cisco Content Security Management Appliance Information Disclosure Vulnerability
Aug 27, 2020
- Cisco Content Security Management Appliance
Known Affected Releases
Symptom: A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information. The vulnerability is due to improper handling of specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to get data about the private IP addressing range that could be used to launch further attacks. Conditions: Device running with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases