CVE-2021-1425

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 18, 2024
CWE ID 201

Summary

CVE-2021-1425 is a vulnerability affecting the web-based management interface of Cisco AsyncOS Software for Content Security Management Appliance (SMA). An authenticated attacker can exploit this issue by examining raw HTTP requests exchanged between the user and the device, potentially gaining access to sensitive information such as configured passwords. The vulnerability arises due to the inclusion of confidential data in these requests. No workarounds are available, and Cisco has released software updates to mitigate this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share