{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T20:13:57.552","vulnerabilities":[{"cve":{"id":"CVE-2020-3547","sourceIdentifier":"psirt@cisco.com","published":"2020-09-04T03:15:11.200","lastModified":"2024-11-21T05:31:17.363","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de administración basada en web en el software  Cisco AsyncOS para Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA) y Cisco Web Security Appliance (WSA), podría permitir a un atacante remoto autenticado acceder a información confidencial en un dispositivo afectado. La vulnerabilidad se presenta porque un método no seguro es usado para enmascarar determinadas contraseñas en la interfaz de administración basada en web. Un atacante podría explotar esta vulnerabilidad al observar el código HTML sin procesar que es recibido desde la interfaz. Una explotación con éxito podría permitir al atacante obtener algunas de las contraseñas configuradas en toda la interfaz"}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*","versionEndIncluding":"13.5.1-277","matchCriteriaId":"94855F23-1DA0-4A08-BBE5-167A265A4155"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:email_security_appliance:-:*:*:*:*:*:*:*","matchCriteriaId":"C3DD0BAE-272E-4B9F-8F3B-B6091DEA5E33"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*","versionEndIncluding":"13.6.1-193","matchCriteriaId":"9010DBBA-9AE9-4510-A63B-1C1843A98C23"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*","matchCriteriaId":"60635EC8-9AFA-400D-A919-66E60CDEF852"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*","versionEndIncluding":"11.7.2-011","matchCriteriaId":"AD91D872-A21C-4A08-8A05-D0D9B0372570"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*","matchCriteriaId":"8F24CCD0-DFAB-44D9-B29A-A6D925A83C93"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}