Rewterz Threat Advisory – Cisco Small Business 220 Series Smart Switches Vulnerability
June 17, 2021
Rewterz Threat Advisory – CVE-2021-29968 – Mozilla Firefox Text Characters Vulnerability
June 17, 2021
Severity
High
Analysis Summary
CVE-2021-1566
Cisco Email Security Appliance (ESA) and Web Security Appliance (WSA) are vulnerable to a man-in-the-middle attack caused by improper certificate validation when establishing TLS connections. An attacker could exploit this vulnerability to launch a man-in-the-middle attack, gain access to the communication channel between endpoints, spoof a trusted host, and then extract sensitive information or alter certain API requests.
Impact
- Gain Access
- Information Theft
Affected Vendors
Cisco
Affected Products
Cisco Email Security Appliance (ESA)
Cisco Web Security Appliance (WSA)
Remediation
Upgrade to the Cisco Small Business 220 Series Smart Switches firmware releases 1.2.0.6 and later from https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW