A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface.
Metrics
Affected Vendors & Products
References
History
Wed, 13 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-09-04T02:26:23.754677Z
Updated: 2024-11-13T18:07:07.622Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3547
Vulnrichment
Updated: 2024-08-04T07:37:54.980Z
NVD
Status : Modified
Published: 2020-09-04T03:15:11.200
Modified: 2024-11-21T05:31:17.363
Link: CVE-2020-3547
Redhat
No data.