736 matches found
Cisco AsyncOS Security Vulnerability
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A security vulnerability exists in Cisco AsyncOS Software for Cisco Secure Email, Web Manager, which arises from insufficient validation of user input, allowing an authenticated, remote attacker to conduct a cross-site scripti...
PT-2024-4561 · Cisco · Cisco Asyncos
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Email Gateway (affected versions not specified). Description: The issue is related to insufficient validation of user input in the web-based management interface, allowing an authenticated, remote attacker...
PT-2024-4548 · Cisco · Cisco Asyncos
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Email Gateway (affected versions not specified). Description: The issue is related to insufficient input validation of parameters passed to the web-based management API, allowing an unauthenticated, remote...
The vulnerability in the web interface and command-line interface of the Cisco Email Security Appliance security system for Cisco AsyncOS operating systems allows a malicious user to execute arbitrary commands as the root user.
The vulnerability in the web interface and the command-line interface of the Cisco Email Security Appliance security system for Cisco AsyncOS operating systems is related to improper validation of the loaded configuration file for the SNMP protocol. Exploiting this vulnerability allows a maliciou...
Cisco Secure Web Appliance Content Encoding Filter Bypass (cisco-sa-wsa-bypass-vXvqwzsj)
According to its self-reported version, the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper...
Cisco AsyncOS Input Validation Error Vulnerability
Cisco AsyncOS is a product of Cisco, Inc. Cisco AsyncOS is an operating system for Cisco devices. An input validation error vulnerability exists in Cisco AsyncOS that stems from improper detection of malicious traffic when the traffic is encoded in a specific content format, which can be exploited...
CVE-2020-26082
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...
Input validation
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...
CVE-2020-26082
CVE-2020-26082 derives from Cisco AsyncOS (ESA)'s zip decompression engine, where improper handling of password-protected zip files allows an unauthenticated, remote attacker to bypass configured content filters. The issue affects Cisco Email Security Appliance (ESA) running affected AsyncOS ver...
CVE-2020-26082
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...
CVE-2023-20215
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious...
CVE-2023-20215
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious...
CVE-2023-20215
CVE-2023-20215 affects Cisco AsyncOS for Cisco Secure Web Appliance. The vulnerability lies in the scanning engines’ handling of certain content-encodings (deflate, and by default lzma/brotli in some cases), enabling an unauthenticated, remote attacker to bypass an explicit block rule and cause t...
The vulnerability of Cisco AsyncOS operating system’s scanning mechanism for Cisco Secure Web Appliances allows attackers to circumvent traffic blocking rules.
The vulnerability of the Cisco AsyncOS operating system’s scanning mechanism for the Cisco Secure Web Appliance is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent traffic blocking rules when encoding types such as deflate, lzma,...
Cisco Secure Web Appliance Security Vulnerability
Cisco AsyncOS is a product of Cisco, Inc. Cisco AsyncOS is an operating system for Cisco devices. An input validation error vulnerability exists in Cisco AsyncOS that stems from improper detection of malicious traffic when the traffic is encoded in a specific content format, which can be exploited...
Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious...
PT-2023-4106 · Cisco · Cisco Secure Web Appliance +1
Name of the Vulnerable Software and Affected Versions: Cisco Secure Web Appliance (affected versions not specified). Description: The issue is related to a flaw in the scanning mechanism of Cisco AsyncOS for Cisco Secure Web Appliance, specifically concerning inadequate access control. This...
CVE-2023-20120
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote...
CVE-2023-20120
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote...
CVE-2023-20119
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA), could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the...