CVE-2021-1566 vulnerability in Cisco Products
Published on June 16, 2021
Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests.
Vulnerability Analysis
CVE-2021-1566 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Improper Following of a Certificate's Chain of Trust
The software does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.
Products Associated with CVE-2021-1566
Want to know whenever a new CVE is published for Cisco products? stack.watch will email you.
Affected Versions
Cisco Web Security Appliance (WSA) Version n/a is affected by CVE-2021-1566Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.