Cybersecurity specialists report the detection of a severe vulnerability in Secure Email and Web Manager, two popular security solutions developed by the technology firm Cisco. According to the report, the flaw could be exploited to evade security controls on the affected applications.
Tracked as CVE-2021-1561, the vulnerability exists due to an error in the configuration of the spam email quarantine. Authenticated remote threat actors might send requests specially crafted to gain unauthorized access and modify the configuration of this security feature.
The vulnerability received a score of 4.7/10 according to the Common Vulnerability Scoring System (CVSS) and successful exploitation would allow threat actors to evade authentication mechanisms in these applications.
According to the report, the flaw lies in all versions of Secure Email and Web Manager prior to v14.1.
This flaw can be exploited remotely, although a successful attack requires authenticated access to the target system. However, affected users are encouraged to update as soon as possible.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
