Cisco Security Manager Security Vulnerabilities


CVE-2024-20302

A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant security. An attacker who.....

5.4CVSS

6.9AI Score

0.0004EPSS

2024-04-03 05:15 PM

CVE-2023-20252

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML.....

9.8CVSS

9.7AI Score

0.002EPSS

2023-09-27 06:15 PM

CVE-2023-20119

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the....

6.1CVSS

6AI Score

0.001EPSS

2023-06-28 03:15 PM

CVE-2023-20028

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a...

5.4CVSS

5.3AI Score

0.0005EPSS

2023-06-28 03:15 PM

CVE-2023-20120

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a...

6.1CVSS

6AI Score

0.001EPSS

2023-06-28 03:15 PM

CVE-2023-20009

A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and/or an authenticated local attacker to escalate their privilege level and gain root access. The attacker has to...

7.2CVSS

7.3AI Score

0.001EPSS

2023-03-01 08:15 AM

CVE-2022-20942

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information...

6.5CVSS

6.2AI Score

0.001EPSS

2022-11-04 06:15 PM

CVE-2022-20867

A vulnerability in the web-based management interface of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a...

6.5CVSS

6.7AI Score

0.001EPSS

2022-11-04 06:15 PM

CVE-2022-20868

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this....

8.8CVSS

8.6AI Score

0.003EPSS

2022-11-04 06:15 PM

CVE-2022-20772

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input...

5.3CVSS

5.3AI Score

0.001EPSS

2022-11-04 06:15 PM

CVE-2022-20829

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains...

9.1CVSS

7.8AI Score

0.007EPSS

2022-06-24 04:15 PM

CVE-2022-20651

A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ASDM must be deployed in a shared workstation environment for this issue to be exploited......

5.5CVSS

6.2AI Score

0.0004EPSS

2022-06-22 02:15 PM

CVE-2022-20664

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...

7.7CVSS

7.5AI Score

0.001EPSS

2022-06-15 06:15 PM

CVE-2022-20798

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web...

9.8CVSS

9.6AI Score

0.004EPSS

2022-06-15 06:15 PM

CVE-2022-20759

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability...

8.8CVSS

8.8AI Score

0.001EPSS

2022-05-03 04:15 AM

CVE-2022-20675

A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP)...

5.3CVSS

5.4AI Score

0.001EPSS

2022-04-06 07:15 PM

CVE-2022-20641

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20647

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20635

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20637

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20642

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20640

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20644

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20645

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20646

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20636

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20643

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20638

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2022-20639

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-14 05:15 AM

CVE-2021-1561

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists...

5.4CVSS

5.7AI Score

0.001EPSS

2021-08-18 08:15 PM

CVE-2021-1585

A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM...

8.1CVSS

8.2AI Score

0.068EPSS

2021-07-08 07:15 PM

CVE-2021-1237

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials on....

7.8CVSS

7.8AI Score

0.0004EPSS

2021-01-13 10:15 PM

CVE-2020-27130

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this...

9.1CVSS

9.2AI Score

0.005EPSS

2020-11-17 04:15 AM

CVE-2020-27131

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the...

9.8CVSS

9.8AI Score

0.932EPSS

2020-11-17 04:15 AM

CVE-2020-27125

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by...

9.8CVSS

9.1AI Score

0.005EPSS

2020-11-17 03:15 AM

CVE-2020-3171

A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input...

7.8CVSS

7.8AI Score

0.0004EPSS

2020-02-26 05:15 PM

CVE-2020-3167

A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this...

7.8CVSS

7.8AI Score

0.0004EPSS

2020-02-26 05:15 PM

CVE-2019-15984

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the...

7.2CVSS

7.9AI Score

0.329EPSS

2020-01-06 08:15 AM

CVE-2019-15978

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information...

7.2CVSS

7.2AI Score

0.134EPSS

2020-01-06 08:15 AM

CVE-2019-15977

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these...

7.5CVSS

7.6AI Score

0.967EPSS

2020-01-06 08:15 AM

CVE-2019-15975

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these...

9.8CVSS

9.8AI Score

0.496EPSS

2020-01-06 08:15 AM

CVE-2019-15976

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these...

9.8CVSS

9.8AI Score

0.967EPSS

2020-01-06 08:15 AM

CVE-2019-15272

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed...

6.5CVSS

6.7AI Score

0.001EPSS

2019-10-02 07:15 PM

CVE-2019-12630

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

9.8CVSS

9.8AI Score

0.921EPSS

2019-10-02 07:15 PM

CVE-2019-1621

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An...

7.5CVSS

7.7AI Score

0.017EPSS

2019-06-27 03:15 AM

CVE-2019-1619

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper...

9.8CVSS

9.8AI Score

0.38EPSS

2019-06-27 03:15 AM

CVE-2019-1620

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could.....

9.8CVSS

9.4AI Score

0.529EPSS

2019-06-27 03:15 AM

CVE-2019-1622

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM...

5.3CVSS

6.9AI Score

0.683EPSS

2019-06-27 03:15 AM

CVE-2019-1903

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending...

9.1CVSS

8.9AI Score

0.004EPSS

2019-06-20 03:15 AM

CVE-2019-1854

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit...

4.3CVSS

4.7AI Score

0.004EPSS

2019-05-03 05:29 PM
Total number of security vulnerabilities: 66