Rewterz

Rewterz Threat Advisory –CVE-2021-22029 – VMware Security Vulnerability

August 20, 2021
Rewterz

Rewterz Threat Alert – Confucius APT Group Used Pegasus Spyware to Targeting Pakistani Military

August 20, 2021

Rewterz Threat Advisory –CVE-2021-1561 – Cisco Secure Email and Web Manager Security Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-1561

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists because access to the spam quarantine feature is not properly restricted. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to modify another user’s spam quarantine settings, possibly disabling security controls or viewing email messages stored on the spam quarantine interfaces.

Impact

  • Unauthorized Access

Affected Vendors

Cisco

Affected Products

  • Cisco Secure Email and Web Manager releases earlier than Release 14.1.

Remediation

Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-spam-jPxUXMk

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.