Guest

Preview Tool

Cisco Bug: CSCvu18825 - Cisco Content Security Appliance Syslog Information Disclosure Vulnerability

Last Modified

Jul 06, 2020

Products (1)

  • Cisco Content Security Management Appliance

Known Affected Releases

13.6.0-157

Description (partial)

Symptom:
A vulnerability in the log management subsystem of AsyncOS for Cisco Content Security Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive information stored in certain log files..

The vulnerability is due to insufficient controls related to Syslog based log subscriptions.. An attacker could exploit this vulnerability by waiting for the legitimate syslog server to go offline and impersonating it. An exploit could allow the attacker to obtain sensitive information stored in the product logs that are being sent via syslog. An attacker cannot exploit this vulnerability to affect the availability of the syslog server.

Conditions:
This vulnerability Cisco SMA configured to send out log subscriptions via Syslog.
This vulnerability can only be exploited if the legitimate Syslog server goes offline and the attacker is able to impersonate it.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.