CVE-2021-1566

Description

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests.

Risk Information

Base Score

7.4

MODERATE

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

Exploitation Probability

0.129

Associated Vulnerability

Vulnerability	OS Platform
Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability For Cisco IronPort Email Security Appliance Software	NCM
Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability For Cisco IronPort Web Security Appliance Software	NCM
Improper Certificate Validation Vulnerability (CVE-2021-1566)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706003	Security Update for Cisco IronPort Email Security Appliance Software 9.7.2-131
PATCH-1706023	Security Update for Cisco IronPort Web Security Appliance Software 9.1.2-010

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234