CVE-2025-20207
Published: Feb 5, 2025
Modified: Feb 5, 2025
CVSS v3.1
4.3
Description
A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating system. This vulnerability exists because the appliances do not protect confidential information at rest in response to SNMP poll requests. An attacker could exploit this vulnerability by sending a crafted SNMP poll request to the affected appliance. A successful exploit could allow the attacker to discover confidential information that should be restricted. To exploit this vulnerability, an attacker must have the configured SNMP credentials.
| Vendor | Product | Versions |
|---|---|---|
Cisco | Cisco Secure Email | affected 14.0.0-698affected 13.5.1-277affected 13.0.0-392affected 14.2.0-620affected 13.0.5-007+7 more versions |
Cisco | Cisco Secure Email and Web Manager | affected 13.6.2-023affected 13.6.2-078affected 13.0.0-249affected 13.0.0-277affected 13.8.1-052+15 more versions |
Cisco | Cisco Secure Web Appliance | affected 11.8.0-453affected 12.5.3-002affected 12.0.3-007affected 12.0.3-005affected 14.1.0-032+44 more versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now