Cisco Secure Email and Web Manager (SMA) Information Disclosure (cisco-sa-esasma-info-dsc-Q9tLuOvM)

high Nessus Plugin ID 162385

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Secure Email and Web Manager (SMA) is affected by an information disclosure vulnerability in the web management interface. This could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvz20942, CSCvz40090

See Also

http://www.nessus.org/u?4dcc8c49

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz20942

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz40090

Plugin Details

Severity: High

ID: 162385

File Name: cisco-sa-esasma-info-dsc-Q9tLuOvM_sma.nasl

Version: 1.7

Type: combined

Family: CISCO

Published: 6/17/2022

Updated: 11/8/2022

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2022-20664

CVSS v3

Risk Factor: High

Base Score: 7.7

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:email_security_appliance

Required KB Items: Host/AsyncOS/Cisco Content Security Management Appliance/DisplayVersion, Host/AsyncOS/Cisco Content Security Management Appliance/Version, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 6/15/2022

Vulnerability Publication Date: 6/15/2022

Reference Information

CVE: CVE-2022-20664

CWE: 497

CISCO-SA: cisco-sa-esasma-info-dsc-Q9tLuOvM

IAVA: 2022-A-0250-S

CISCO-BUG-ID: CSCvz20942, CSCvz40090