QID 317199

Date Published: 2022-06-16

QID 317199: Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability (cisco-sa-esasma-info-dsc-Q9tLuOvM)

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device.

Affected Products
This vulnerability affects Cisco Secure Email and Web Manager and Cisco Email Security Appliance (ESA), both virtual and hardware appliances, if all of the following conditions are met:

  • They are running a vulnerable release of Cisco AsyncOS Software.
  • They are configured to use external authentication.
  • They are using LDAP as an authentication protocol.

Note: This QID does not check for workarounds.

QID Detection Logic (Authenticated):
The check matches the Cisco ESA and Cisco SMA OS versions retrieved via Unix authentication using the "version" command.

A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server.

  • CVSS V3 rated as High - 7.7 severity.
  • CVSS V2 rated as High - 6.8 severity.

Solution

Customers are advised to refer to cisco-sa-esasma-info-dsc-Q9tLuOvM for more information.

CVEs related to QID 317199

Software Advisories
Advisory ID: cisco-sa-esasma-info-dsc-Q9tLuOvM
Link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasma-info-dsc-Q9tLuOvM