CVE-2021-1425

Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) (affected versions not specified)

Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to access sensitive information on an affected device. The issue arises because confidential information is included in HTTP requests exchanged between the user and the device. An attacker could exploit this by examining the raw HTTP requests sent to the interface, potentially obtaining some configured passwords.

Recommendations: For Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), update to the latest software version that addresses this vulnerability. At the moment, there is no information about specific versions that contain a fix for this vulnerability.