736 matches found

Tenable Nessus
added 2024/11/08 12:0 a.m. · 3 views

Secure Email Gateway XSS (cisco-sa-esa-wsa-sma-xss-zYm3f49n)

According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remot...

5.4 CVSS · 5.7 AI score · 0.00192 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2024/11/08 12:0 a.m. · 4 views

Secure Web Appliance XSS (cisco-sa-esa-wsa-sma-xss-zYm3f49n)

According to its self-reported version, Secure Web Appliance is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remot...

5.4 CVSS · 5.7 AI score · 0.00192 EPSS
Exploits: 0 · References: 3

OSV
added 2024/11/06 5:15 p.m. · 0 views

CVE-2024-20504

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface...

5.4 CVSS · 6 AI score
Exploits: 0 · References: 1

CNNVD
added 2024/11/06 12:0 a.m. · 1 views

Cisco AsyncOS Security Vulnerability

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. Cisco AsyncOS suffers from a cross-site scripting vulnerability that stems from insufficient authentication of user input. An authenticated, remote attacker could exploit this vulnerability to launch a stored cross-site...

5.4 CVSS · 6 AI score · 0.00192 EPSS
Exploits: 0 · References: 3

Packet Storm
added 2024/09/01 12:0 a.m. · 179 views

Cisco Ironport Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Ironport Bruteforce Login Utility', 'Description' = % This module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncO...

7.4 AI score
Exploits: 0

BDU FSTEC
added 2024/08/08 12:0 a.m. · 2 views

The vulnerability in the web interface for controlling the Cisco AsyncOS operating system of the Cisco Secure Email Gateway allows an attacker to execute arbitrary system commands.

The vulnerability in the web interface of the Cisco AsyncOS operating system of the Cisco Secure Email Gateway lies in the improper elimination of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a malicious actor to execute arbitrary system...

7.7 CVSS · 5.8 AI score · 0.00077 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

BDU FSTEC
added 2024/08/08 12:0 a.m. · 1 views

The vulnerability of the command-line interface (CLI) of the Cisco AsyncOS operating system for Cisco Secure Web Appliances (formerly known as “Cisco Web Security Appliances”) allows an attacker to execute arbitrary system commands.

The vulnerability of the command-line interface (CLI) of the Cisco AsyncOS operating system’s web management interface allows attackers to execute arbitrary system commands. This vulnerability is related to incorrect input validation. Exploiting this vulnerability enables attackers to execute...

8.8 CVSS · 5.8 AI score · 0.00102 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2024/07/17 5:15 p.m. · 20 views

CVE-2024-20429

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

7.2 CVSS · 0.00077 EPSS
Exploits: 0 · References: 1

NVD
added 2024/07/17 5:15 p.m. · 25 views

CVE-2024-20435

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...

8.8 CVSS · 0.00102 EPSS
Exploits: 0 · References: 1

OSV
added 2024/07/17 5:15 p.m. · 0 views

CVE-2024-20429

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

7.2 CVSS · 6.1 AI score
Exploits: 0 · References: 1

OSV
added 2024/07/17 5:15 p.m. · 0 views

CVE-2024-20435

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...

7.8 CVSS · 6 AI score
Exploits: 0 · References: 1

CVE
added 2024/07/17 4:29 p.m. · 59 views

CVE-2024-20429

The CVE-2024-20429 entry concerns Cisco AsyncOS for Secure Email Gateway. Affected component: the web-based management interface. Root cause: insufficient input validation enabling Server-Side Template Injection. Impact: an authenticated user with Operator privileges could remotely execute arbitr...

7.2 CVSS · 7.7 AI score · 0.00077 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/07/17 4:29 p.m. · 18 views

CVE-2024-20429

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

6.5 CVSS · 7.7 AI score · 0.00077 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/07/17 4:27 p.m. · 23 views

CVE-2024-20435

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...

8.8 CVSS · 0.00102 EPSS
Exploits: 0 · References: 1

CVE
added 2024/07/17 4:27 p.m. · 116 views

CVE-2024-20435

CVE-2024-20435 affects Cisco Secure Web Appliance (AsyncOS) CLI. The root cause is insufficient input validation in the CLI, allowing an authenticated, local attacker to execute arbitrary commands and elevate to root. The attack requires at least guest credentials and is local, with impact on con...

8.8 CVSS · 7.5 AI score · 0.00102 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/07/17 4:27 p.m. · 15 views

CVE-2024-20435

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...

8.8 CVSS · 7.5 AI score · 0.00102 EPSS
Exploits: 0 · References: 1

Cisco
added 2024/07/17 4:0 p.m. · 17 views

Cisco Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...

8.8 CVSS · 8.9 AI score · 0.00102 EPSS
Exploits: 0 · References: 1

Cisco
added 2024/07/17 4:0 p.m. · 11 views

Cisco Secure Email Gateway Server-Side Template Injection Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

6.5 CVSS · 6.8 AI score · 0.00077 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/17 12:0 a.m. · 4 views

PT-2024-5447 · Cisco · Cisco AsyncOS

Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS for Secure Email Gateway (affected versions not specified)
Description: A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute...

7.7 CVSS · 7.7 AI score · 0.00077 EPSS
Exploits: 0 · References: 8

BDU FSTEC
added 2024/07/05 12:0 a.m. · 1 views

The vulnerability in the web interface of the Cisco AsyncOS operating system allows a hacker to carry out an XSS attack using the Cisco Secure Email Gateway security system.

The vulnerability in the Cisco AsyncOS operating system’s web interface exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor, who has successfully authenticated themselves remotely, to carry out XSS...

5.5 CVSS · 5.4 AI score · 0.00125 EPSS
Exploits: 0 · References: 2 · Affected Software: 1