Inclusion of Sensitive Information in Log Files in Cisco AsyncOS for Cisco Email Security Appliance and Cisco AsyncOS for Cisco Content Security Management Appliance - CVE-2020-3447
Published: August 6, 2020
Vulnerability identifier: #VU34092
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3447
CWE-ID: CWE-532
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco AsyncOS for Cisco Email Security Appliance
Cisco AsyncOS for Cisco Content Security Management Appliance
Cisco AsyncOS for Cisco Email Security Appliance
Cisco AsyncOS for Cisco Content Security Management Appliance
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A remote authenticated attacker can read the log files and gain access to sensitive data.
How to mitigate CVE-2020-3447
Install updates from vendor's website.