Improper Certificate Validation in Cisco AsyncOS for Web Security Appliances and Cisco AsyncOS for Cisco Email Security Appliance - CVE-2021-1566
Published: June 16, 2021
Vulnerability identifier: #VU54172
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-1566
CWE-ID: CWE-295
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco AsyncOS for Web Security Appliances
Cisco AsyncOS for Cisco Email Security Appliance
Cisco AsyncOS for Web Security Appliances
Cisco AsyncOS for Cisco Email Security Appliance
Detailed vulnerability description
The vulnerability allows a remote attacker to preform MitM attack.
The vulnerability exists due to improper certificate validation when establishing TLS connection. A remote attacker can perform a man-in-the-middle (MitM) attack.
How to mitigate CVE-2021-1566
Install updates from vendor's website.