Information disclosure in Cisco Systems, Inc products - CVE-2020-3547
Published: September 3, 2020
Vulnerability identifier: #VU46249
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3547
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco AsyncOS for Cisco Email Security Appliance
Cisco Content Security Management Appliance
Cisco Web Security Appliance
Cisco AsyncOS for Cisco Email Security Appliance
Cisco Content Security Management Appliance
Cisco Web Security Appliance
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an insecure method used to mask certain passwords on the web-based management interface. A remote authenticated attacker can look at the raw HTML code that is received from the interface and gain unauthorized access to sensitive information on the system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.