#VU54172 Improper Certificate Validation in Cisco AsyncOS for Web Security Appliances and Cisco AsyncOS for Cisco Email Security Appliance - CVE-2021-1566

Cybersecurity Help s.r.o.

Published: 2021-06-16

Vulnerability identifier: #VU54172

Vulnerability risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-1566

CWE-ID: CWE-295

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Cisco AsyncOS for Web Security Appliances
Server applications / IDS/IPS systems, Firewalls and proxy servers
Cisco AsyncOS for Cisco Email Security Appliance
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to preform MitM attack.

The vulnerability exists due to improper certificate validation when establishing TLS connection. A remote attacker can perform a man-in-the-middle (MitM) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco AsyncOS for Web Security Appliances: before 11.8.3 021

Cisco AsyncOS for Cisco Email Security Appliance: before 12.5.3 035

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw08342
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw08378

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

MitM atack in Cisco Email Security Appliance and Cisco Web Security Appliance