{"containers": {"cna": {"affected": [{"product": "Cisco Web Security Appliance (WSA)", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-06-16T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-296", "description": "CWE-296", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-16T17:45:41", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20210616 Cisco\u00a0Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW"}], "source": {"advisory": "cisco-sa-esa-wsa-cert-vali-n8L97RW", "defect": [["CSCvw08342", "CSCvw08378"]], "discovery": "INTERNAL"}, "title": "Cisco\u00a0Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-06-16T16:00:00", "ID": "CVE-2021-1566", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Web Security Appliance (WSA)", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "7.4", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-296"}]}]}, "references": {"reference_data": [{"name": "20210616 Cisco\u00a0Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW"}]}, "source": {"advisory": "cisco-sa-esa-wsa-cert-vali-n8L97RW", "defect": [["CSCvw08342", "CSCvw08378"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:18:10.153Z"}, "title": "CVE Program Container", "references": [{"name": "20210616 Cisco\u00a0Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-07T21:43:43.312770Z", "id": "CVE-2021-1566", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T22:08:10.019Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1566", "datePublished": "2021-06-16T17:45:41.215864Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-07T22:08:10.019Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW", "name": "20210616 Cisco\u00a0Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:18:10.153Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-1566", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-07T21:43:43.312770Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T21:44:09.406Z"}}], "cna": {"title": "Cisco\u00a0Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability", "source": {"defect": [["CSCvw08342", "CSCvw08378"]], "advisory": "cisco-sa-esa-wsa-cert-vali-n8L97RW", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Web Security Appliance (WSA)", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2021-06-16T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW", "name": "20210616 Cisco\u00a0Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-296", "description": "CWE-296"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2021-06-16T17:45:41"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "7.4", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}}, "source": {"defect": [["CSCvw08342", "CSCvw08378"]], "advisory": "cisco-sa-esa-wsa-cert-vali-n8L97RW", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco Web Security Appliance (WSA)"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW", "name": "20210616 Cisco\u00a0Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-296"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-1566", "STATE": "PUBLIC", "TITLE": "Cisco\u00a0Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-06-16T16:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2021-1566", "state": "PUBLISHED", "dateUpdated": "2024-11-07T22:08:10.019Z", "dateReserved": "2020-11-13T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2021-06-16T17:45:41.215864Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:email_security_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "678C2C6F-6D46-4BBE-A902-7AD031D8EBA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C3A8C94-CD5C-4309-8F1B-B151B3D091CC", "versionEndExcluding": "12.5.3-035", "vulnerable": true}], "negate": false, "operator": "AND"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:email_security_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "678C2C6F-6D46-4BBE-A902-7AD031D8EBA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE1DE406-EA9E-40DD-B18B-C19DF63EC13B", "versionEndExcluding": "13.0.0-030", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "AND"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:email_security_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "678C2C6F-6D46-4BBE-A902-7AD031D8EBA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "39DEA2BD-4772-4F8D-9CD2-1BB377ECF64B", "versionEndExcluding": "13.5.3-010", "versionStartIncluding": "13.5", "vulnerable": true}], "negate": false, "operator": "AND"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:web_security_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7C2555C-7E97-475F-9EDC-027B51A40708", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "33FDC1BE-F1C3-4030-82CE-38D99DC30B5B", "versionEndExcluding": "11.8.3-021", "vulnerable": true}], "negate": false, "operator": "AND"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:web_security_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7C2555C-7E97-475F-9EDC-027B51A40708", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1CC6572-4281-45E1-9B33-6993B45E6B4F", "versionEndExcluding": "12.0.3-005", "versionStartIncluding": "12.0.0", "vulnerable": true}], "negate": false, "operator": "AND"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:web_security_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7C2555C-7E97-475F-9EDC-027B51A40708", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA889DAF-1699-4A22-8A4C-D589F7BF10A8", "versionEndExcluding": "12.5.1-043", "versionStartIncluding": "12.5.0", "vulnerable": true}], "negate": false, "operator": "AND"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests."}, {"lang": "es", "value": "Una vulnerabilidad en la integraci\u00f3n de Cisco Advanced Malware Protection (AMP) for Endpoints de Cisco AsyncOS para Cisco Email Security Appliance (ESA) y Cisco Web Security Appliance (WSA) podr\u00eda permitir a un atacante remoto no autenticado interceptar el tr\u00e1fico entre un dispositivo afectado y los servidores AMP. Esta vulnerabilidad es debido a una comprobaci\u00f3n inapropiada del certificado cuando un dispositivo afectado establece conexiones TLS. Un atacante tipo \"man-in-the-middle\" podr\u00eda explotar esta vulnerabilidad mediante el envio de un paquete TLS dise\u00f1ado a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante falsificar un host confiable y luego extraer informaci\u00f3n confidencial o alterar determinadas peticiones de la API"}], "id": "CVE-2021-1566", "lastModified": "2024-11-21T05:44:38.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-16T18:15:08.710", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-296"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}