Guest

Preview Tool

Cisco Bug: CSCvr92383 - Cisco Content Security Management Appliance Information Disclosure Vulnerability

Last Modified

Aug 27, 2020

Products (1)

  • Cisco Content Security Management Appliance

Known Affected Releases

11.0.0-128

Description (partial)

Symptom:
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.

The vulnerability is due to improper handling of specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to get data about the private IP addressing range that could be used to launch further attacks.

Conditions:
Device running with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.