Design/Logic Flaw
A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the pro...
CVE-2021-1534 Cisco Email Security Appliance URL Filtering Bypass Vulnerability
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker...
Cisco AsyncOS Security Vulnerability
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A security vulnerability exists in Cisco AsyncOS for Cisco Web Security Appliance, which is caused by improper memory management in the proxy service of the affected device. An attacker could exploit the vulnerability by...
The vulnerability of Cisco AMP, a security tool against malicious software, for end-user devices running Cisco AsyncOS in Cisco Email Security Appliance and Cisco Web Security Appliance systems is related to the lack of trust-chain tracking during certificate verification. This allows attackers to intercept traffic between affected devices.
The vulnerability of Cisco AMP, a security tool for malicious software, in devices running Cisco AsyncOS, which are part of Cisco Email Security Appliance and Cisco Web Security Appliance systems, stems from the lack of trust-chain tracking during certificate verification. Exploiting this...
Cisco Web Security Appliance Privilege Escalation (cisco-sa-scr-web-priv-esc-k3HCGJZ)
According to its self-reported version, Cisco Web Security Appliance is affected by a privilege escalation vulnerability. A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injectio...
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
A set of high-severity privilege-escalation vulnerabilities affecting the Business Process Automation (BPA) application and Cisco’s Web Security Appliance (WSA) could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs CVE-2021-1574 and...
CVE-2021-1359
CVE-2021-1359 affects Cisco AsyncOS Web Security Appliance (WSA) in the configuration management path. The issue arises from insufficient validation of user-supplied XML input in the web interface, allowing an authenticated, remote attacker with a valid account to upload crafted XML configuration...
Cisco Web Security Appliance Privilege Escalation Vulnerability
A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...
CVE-2021-1566
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers...
Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers...
The vulnerability in the web interface for controlling Cisco AsyncOS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability in the web interface for managing Cisco AsyncOS operating systems is related to deficiencies in the security of operational data in the source code. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information throug...
The vulnerability in the web interface for controlling Cisco AsyncOS operating systems allows attackers to perform cross-site scripting attacks.
The vulnerability in the web interface for controlling Cisco AsyncOS operating systems is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by executing a specially created...
Cisco Email Security Appliance Information Disclosure (cisco-sa-esa-wsa-sma-info-gY2AEz2H)
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is included in HTTP...
Cisco Web Security Appliance Stored XSS (cisco-sa-wsa-xss-RuB5WGqL)
According to its self-reported version, Cisco Web Security Appliance (WSA) is affected by a cross-site scripting (XSS) vulnerability. A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a...
The vulnerability of the Cisco AsyncOS operating system’s account management system allows a hacker to elevate their privileges to the root level. This enables the hacker to exploit the system for malicious purposes.
The vulnerability of the Cisco AsyncOS operating system’s account management system exists due to a flaw in the password generation algorithm. Exploiting this vulnerability can allow attackers to elevate their privileges to the root level...
CVE-2021-1447
A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An...
CVE-2021-1516
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affecte...
CVE-2021-1516 Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affecte...