CVE-2021-1129

Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (affected versions not specified) Cisco Content Security Management Appliance (affected versions not specified) Cisco Web Security Appliance (affected versions not specified)

Description The issue is related to a lack of authentication token requirement in the API component of the affected systems, which could allow a remote attacker to gain unauthorized access to protected information. An attacker could exploit this by sending a crafted request to the general purpose API, potentially resulting in the disclosure of system and configuration information.

Recommendations For Cisco Email Security Appliance, consider restricting access to the general purpose API until a fix is available. For Cisco Content Security Management Appliance, consider disabling unnecessary API endpoints to minimize the risk of exploitation. For Cisco Web Security Appliance, avoid using the API for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.