首页 -> 安全研究

安全研究

安全漏洞
Cisco Content SMA, ESA和WSA信息泄露漏洞(CVE-2021-1516)

发布日期:2021-05-05
更新日期:2021-05-08

受影响系统:
Cisco Web Security Appliance < 14.0
Cisco Email Security Appliance < 14.0
Cisco Content Security Management Appliance < 14.0
描述:
CVE(CAN) ID: CVE-2021-1516

Cisco Content Security Management Appliance是一套内容安全管理设备。Cisco Email Security Appliance(ESA)是一个电子邮件安全设备。Cisco Web Security Appliance(WSA)是一款Web安全设备。
Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA)和Cisco Web Security Appliance (WSA) 14.0之前版本的web管理界面存在信息泄露漏洞。该漏洞源于机密信息包含在用户和设备之间交换的HTTP请求中。经过身份认证的远程攻击者可利用该漏洞访问受影响设备上的敏感信息。

<*来源:Rakshith Rajanna(Cisco)
  
  链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-gY2A
*>

建议:
厂商补丁:

Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-esa-wsa-sma-info-gY2AEz2H)以及相应补丁:
cisco-sa-esa-wsa-sma-info-gY2AEz2H:Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-gY2AEz2H

浏览次数:1499
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障