Описание
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:cisco:asyncos:-:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00321
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.
EPSS
Процентиль: 55%
0.00321
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-20