CVE-2020-3546

Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance (ESA) (affected versions not specified)

Description: A vulnerability in the web-based management interface of Cisco AsyncOS software could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The issue is due to insufficient validation of requests sent to the web-based management interface. An attacker could exploit this by sending a crafted request to the interface, potentially obtaining IP addresses configured on the internal interfaces of the affected device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider implementing the provided workaround that addresses this issue. Restrict access to the web-based management interface to minimize the risk of exploitation. Avoid using the interface until the issue is resolved or the workaround is applied.