CVE-2021-1425

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-1425
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-info-disclo-VOu2GHbZ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
OR cpe:2.3:a:cisco:content_security_management_appliance_smav_m000v:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance_smav_m100v:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance_smav_m300v:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance_smav_m600v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m190:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m195:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m695:-:*:*:*:*:*:*:*
History

11 Aug 2025, 17:32

Type Values Removed Values Added
First Time Cisco
Cisco content Security Management Appliance Sma M190
Cisco content Security Management Appliance Smav M300v
Cisco content Security Management Appliance Sma M695
Cisco content Security Management Appliance Sma M395
Cisco asyncos
Cisco content Security Management Appliance Smav M100v
Cisco content Security Management Appliance Sma M690
Cisco content Security Management Appliance Smav M600v
Cisco content Security Management Appliance Sma M195
Cisco content Security Management Appliance Smav M000v
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : 4.3 		v2 : unknown
v3 : 6.5
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-info-disclo-VOu2GHbZ - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-info-disclo-VOu2GHbZ - Vendor Advisory
CPE cpe:2.3:h:cisco:content_security_management_appliance_sma_m690:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance_smav_m000v:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance_smav_m100v:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance_smav_m600v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m195:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m190:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m395:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance_smav_m300v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m695:-:*:*:*:*:*:*:*

18 Nov 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-18 16:15

Updated : 2025-08-11 17:32

NVD link : CVE-2021-1425

Mitre link : CVE-2021-1425

JSON object : View

Products Affected

cisco

  • content_security_management_appliance_sma_m695
  • content_security_management_appliance_smav_m600v
  • content_security_management_appliance_sma_m195
  • content_security_management_appliance_sma_m395
  • content_security_management_appliance_smav_m100v
  • content_security_management_appliance_smav_m300v
  • content_security_management_appliance_sma_m190
  • content_security_management_appliance_sma_m690
  • content_security_management_appliance_smav_m000v
  • asyncos
CWE
CWE-201

Insertion of Sensitive Information Into Sent Data

NVD-CWE-noinfo