CVE-2020-3122

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-3122
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92383 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:asyncos:11.0.0-128:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:*:*:*:*:*:*:*
History

31 Jul 2025, 19:44

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:content_security_management_appliance:11.0.0-128:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_and_web_manager:11.0.0-128:*:*:*:*:*:*:*		 cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:11.0.0-128:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:*:*:*:*:*:*:*
First Time Cisco secure Email And Web Manager M390x
Cisco secure Email And Web Manager M170
Cisco secure Email And Web Manager M690x
Cisco secure Email And Web Manager M395
Cisco secure Email And Web Manager M190
Cisco secure Email And Web Manager M695
Cisco secure Email And Web Manager M380
Cisco secure Email And Web Manager M680
Cisco asyncos
Cisco secure Email And Web Manager M195
Cisco secure Email And Web Manager M690
Cisco secure Email And Web Manager M390

31 Jul 2025, 17:14

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:content_security_management_appliance:11.0.0-128:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_and_web_manager:11.0.0-128:*:*:*:*:*:*:*
References () https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92383 - () https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr92383 - Vendor Advisory
First Time Cisco content Security Management Appliance
Cisco secure Email And Web Manager
Cisco
Summary
  • (es) Una vulnerabilidad en la interfaz de administración basada en web de Cisco AsyncOS para Cisco Content Security Management Appliance (SMA) podría permitir que un atacante remoto no autenticado obtenga información confidencial de la red.

04 Mar 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-04 19:15

Updated : 2025-07-31 19:44

NVD link : CVE-2020-3122

Mitre link : CVE-2020-3122

CVE.ORG link : CVE-2020-3122

JSON object : View

Products Affected

cisco

  • secure_email_and_web_manager_m390
  • secure_email_and_web_manager_m695
  • secure_email_and_web_manager_m195
  • asyncos
  • secure_email_and_web_manager_m390x
  • secure_email_and_web_manager_m395
  • secure_email_and_web_manager_m690
  • secure_email_and_web_manager_m690x
  • secure_email_and_web_manager_m680
  • secure_email_and_web_manager_m380
  • secure_email_and_web_manager_m190
  • secure_email_and_web_manager_m170
CWE
CWE-284

Improper Access Control