CVE-2020-3122

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92383	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:asyncos:11.0.0-128:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:::::::*

History

No history.

Information

Published : 2025-03-04 19:15

Updated : 2025-07-31 19:44

NVD link : CVE-2020-3122

Mitre link : CVE-2020-3122

CVE.ORG link : CVE-2020-3122

JSON object : View

Products Affected

cisco

secure_email_and_web_manager_m195
secure_email_and_web_manager_m395
secure_email_and_web_manager_m690x
secure_email_and_web_manager_m690
secure_email_and_web_manager_m680
secure_email_and_web_manager_m190
secure_email_and_web_manager_m170
secure_email_and_web_manager_m695
secure_email_and_web_manager_m380
secure_email_and_web_manager_m390x
asyncos
secure_email_and_web_manager_m390

CWE

CWE-284

Improper Access Control

{"id": "CVE-2020-3122", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-03-04T19:15:36.890", "references": [{"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92383", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco AsyncOS para Cisco Content Security Management Appliance (SMA) podr\u00eda permitir que un atacante remoto no autenticado obtenga informaci\u00f3n confidencial de la red."}], "lastModified": "2025-07-31T19:44:34.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asyncos:11.0.0-128:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BADF6D45-FDBE-42A7-A915-0DDD8FBC64F9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3057023B-AD68-4953-A780-75EA416A7B94"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B87164B6-4717-4968-86F7-C62EB677FC50"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10BD81D0-D81A-4361-B4E8-D674732A2A33"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D28903F8-3C4D-4337-9721-CEC108A7E2D5"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "84ACD394-2E45-4E8E-A342-AC57935C7038"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6112D56B-B68B-40B0-8EB9-3315533110C7"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A1198BC-C934-4C26-887D-D599E8128FD3"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10374BA0-E7DD-4930-8C58-251F98B75A11"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD265B49-C691-44B3-A505-DC704E80313C"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E37CFC3A-1752-4C66-BD32-CFFA46C3E6AD"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "830693AC-A737-43B9-BBB4-E3A1C950C47F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}