CVE-2019-1947 Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service DoS condition on an affected device. The...

CVE-2019-1983 Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the...

CVE-2020-3133 Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit...

Cisco Email Security Appliance (ESA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)

According to its self-reported version, the Cisco Email Security Appliance ESA is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based management interfac...

Cisco Content Security Management Appliance (SMA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)

According to its self-reported version, the Cisco Content Security Management Appliance SMA is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based...

CVE-2020-3368 Cisco Email Security Appliance URL Filtering Bypass Vulnerability

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An...

CVE-2020-3368

The CVE affects Cisco AsyncOS on the Cisco Email Security Appliance (ESA), where an input-validation weakness allows an unauthenticated, remote attacker to bypass URL reputation filters by crafting a URL. The root cause is insufficient URL input validation. Impact is bypass of URL filtering, enab...

Cisco Email Security Appliance URL Filtering Bypass Vulnerability

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An...

CVE-2020-3178 Cisco Content Security Management Appliance Open Redirect Vulnerabilities

Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an...

CVE-2020-3178 Cisco Content Security Management Appliance Open Redirect Vulnerabilities

Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an...

Cisco Email Security Appliance URL Filtering Bypass (cisco-sa-20191120-esa-url-bypass)

According to its self-reported version, Cisco Email Security Appliance ESA is affected by a vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software due to insufficient input validation of URLs. An unauthenticated, remote attacker can exploit this, by crafting the URL in a...

CVE-2020-3181

CVE-2020-3181 : Cisco AsyncOS for Cisco Email Security Appliances (ESA) contains an uncontrolled resource-exhaustion vulnerability in the malware detection/AMP path due to insufficient control over memory allocation. An unauthenticated remote attacker can send a crafted email to exhaust device re...

CVE-2020-3181 Cisco Email Security Appliance Uncontrolled Resource Exhaustion Vulnerability

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection AMP in Cisco AsyncOS Software for Cisco Email Security Appliances ESAs could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient...

Design/Logic Flaw

A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a temporary denial of service DoS condition on an affected device. The vulnerability is due to inadequate parsing...

CVE-2020-3132 Cisco Email Security Appliance Shortened URL Denial of Service Vulnerability

A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a temporary denial of service DoS condition on an affected device. The vulnerability is due to inadequate parsing...

CVE-2020-3134

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...

CVE-2020-3134 Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...

CVE-2020-3134 Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit...

Input validation

A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of certain MP3 file types. An attacker...