CVE-2020-3122

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-3122

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.

References
Link Resource
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92383 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:asyncos:11.0.0-128:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:*:*:*:*:*:*:*
History

31 Jul 2025, 19:44

Type Values Removed Values Added
First Time Cisco secure Email And Web Manager M395
Cisco secure Email And Web Manager M380
Cisco secure Email And Web Manager M690
Cisco asyncos
Cisco secure Email And Web Manager M390x
Cisco secure Email And Web Manager M190
Cisco secure Email And Web Manager M690x
Cisco secure Email And Web Manager M695
Cisco
Cisco secure Email And Web Manager M680
Cisco secure Email And Web Manager M390
Cisco secure Email And Web Manager M170
Cisco secure Email And Web Manager M195
CPE cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:11.0.0-128:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:*:*:*:*:*:*:*
Summary
  • (es) Una vulnerabilidad en la interfaz de administración basada en web de Cisco AsyncOS para Cisco Content Security Management Appliance (SMA) podría permitir que un atacante remoto no autenticado obtenga información confidencial de la red.
References () https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92383 - () https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92383 - Vendor Advisory

04 Mar 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-04 19:15

Updated : 2025-07-31 19:44

NVD link : CVE-2020-3122

Mitre link : CVE-2020-3122

CVE.ORG link : CVE-2020-3122

JSON object : View

Products Affected

cisco

CWE
CWE-284

Improper Access Control