CVE-2021-1516

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) (affected versions not specified)

Description The issue is related to insufficient protection of sensitive data in the source code of the web-based management interface. This could allow a remote attacker to gain unauthorized access to protected information using specially crafted HTTP requests. The vulnerability exists because confidential information is included in HTTP requests exchanged between the user and the device. An attacker could exploit this by examining the raw HTTP requests sent to the interface, potentially obtaining some configured passwords.

Recommendations For Cisco AsyncOS Software, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, avoid using the web-based management interface for sensitive operations until the issue is resolved. Restrict access to sensitive information on affected devices to minimize the risk of exploitation.