736 matches found
CVE-2022-20960
A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an...
CVE-2025-20180
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...
CVE-2025-20185
A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must...
CVE-2025-20184
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid...
CVE-2025-20183
A vulnerability in a policy-based Cisco Application Visibility and Control AVC implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint. The vulnerability i...
CVE-2025-20185
A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must...
CVE-2025-20184
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid...
CVE-2025-20180
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...
CVE-2025-20184
Cisco CVE-2025-20184 affects the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance. The issue arises from insufficient validation of XML configuration files, allowing an authenticated attacker (with valid admin credentials) to u...
CVE-2025-20183
The CVE-2025-20183 issue affects Cisco Secure Web Appliance (AsyncOS) where improper handling of crafted HTTP Range headers in the policy-based AVC implementation can let an unauthenticated, remote attacker evade the antivirus scanner and download malware to an endpoint. The core details describe...
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities
Multiple vulnerabilities in Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an attacker to execute arbitrary commands locally or remotely. For more information about these vulnerabilities, see the Details...
CVE-2024-20435
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...
PT-2025-5707 · Cisco · Cisco Asyncos
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct...
PT-2025-5710 · Cisco · Cisco Asyncos
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance affected versions not specified Description: A vulnerability in the implementation of the remote access functionality...
Cisco AsyncOS 跨站脚本漏洞
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A cross-site scripting vulnerability exists in Cisco AsyncOS that originates from improper user input validation and can be exploited by a remote attacker to execute arbitrary script code or access sensitive information via a...
Cisco AsyncOS 安全漏洞
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A security vulnerability exists in Cisco AsyncOS, which stems from a flaw in the password generation algorithm that allows an authenticated, local attacker to generate temporary passwords and gain root privileges...
Cisco AsyncOS 输入验证错误漏洞
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...
CVE-2020-3548
A vulnerability in the Transport Layer Security TLS protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service DoS condition. The...
CVE-2022-20871
A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance WSA, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient...
Cisco AsyncOS Cross-Site Scripting Vulnerability
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. Cisco AsyncOS suffers from a cross-site scripting vulnerability that stems from insufficient authentication of user input. An authenticated, remote attacker could exploit this vulnerability to launch a stored cross-site...