167 matches found
CVE-2017-3800
A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the...
Cisco Email Security Appliance Filter Bypass Vulnerability
A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. The vulnerability is due to incomplete input validation of email message...
Design/Logic Flaw
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information:...
CVE-2016-6465
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected Products: This...
CVE-2016-9212
Cisco Web Security Appliance (WSA) Drop Decrypt Policy Bypass (CVE-2016-9212) is caused by incomplete HTTP header input validation in the Decrypt for End-User Notification configuration. Under HTTPS decryption, an unauthenticated remote attacker could connect to a blocked HTTPS website despite po...
CVE-2016-1411
CVE-2016-1411 affects Cisco AsyncOS Software used on Email Security Appliances (ESA), Web Security Appliances (WSA), and Content Management Security Appliances (SMA). The issue stems from lack of certificate validation during HTTPS updates, allowing an unauthenticated attacker to perform a man-in...
Cisco Email Security Appliance Content Filter Bypass Vulnerability
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions...
Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WS...
CVE-2016-6458
CVE-2016-6458 concerns Cisco AsyncOS on Cisco Email Security Appliances where an unauthenticated, remote attacker can bypass content filters by exploiting incorrect validation of protected or encrypted attachments, specifically RAR files. Affected products include Cisco AsyncOS Software for Email...
CVE-2016-6463
CVE-2016-6463 affects Cisco AsyncOS for Cisco Email Security Appliances. The issue is in the MIME header processing/filter bypass that lets an unauthenticated, remote attacker bypass AMP filters when the AMP feature scans incoming attachments. Exploitation involves sending a crafted MIME-encoded ...
Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. SPDX-FileCopyrightText: 2016 Greenbone A...
Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. The vulnerability is due to improper err...
Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the...
CVE-2016-1486
A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages du...
Authentication flaw
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all...
Design/Logic Flaw
A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages du...
Design/Logic Flaw
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected Products: This vulnerability affects all releases prior to...
Design/Logic Flaw
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering...
CVE-2016-1486
CVE-2016-1486 affects Cisco AsyncOS for Cisco Email Security Appliances, specifically the AMP email-attachment scanning feature. The root cause is improper handling in the attachment-scanning process, enabling an unauthenticated, remote attacker to trigger a DoS that stops scanning and forwarding...