736 matches found
CVE-2021-1516 Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affecte...
CVE-2021-1516
CVE-2021-1516 affects Cisco AsyncOS Software on the Cisco Content Security Management Appliance (SMA), Email Security Appliance (ESA), and Web Security Appliance (WSA). Root cause: confidential information is included in HTTP requests exchanged between the user and the device, allowing an authent...
CVE-2021-1490
CVE-2021-1490: Cisco Web Security Appliance (WSA) uses Cisco AsyncOS with a web-based management interface vulnerable to cross-site scripting (XSS) due to improper validation of user-supplied input. An unauthenticated, remote attacker can lure a user to upload a crafted file containing a malicio...
CVE-2021-1490 Cisco Web Security Appliance Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to improper...
CVE-2021-1447 Cisco Content Security Management Appliance Privilege Escalation Vulnerability
A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An...
Cisco Content Security Management Appliance Privilege Escalation Vulnerability
A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An...
Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affecte...
Cisco Content Security Management Appliance Security Vulnerability
Cisco Content Security Management Appliance (SMA) is a set of content security management equipment from Cisco. The appliance is mainly used to manage all policies, reports, audit information, etc. for e-mail and Web security devices. An information disclosure vulnerability exists in the Cisc...
The vulnerability in the web interface of Cisco AsyncOS software for Cisco Email Security Appliances and Cisco Content Security Management Appliances allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Cisco AsyncOS software web interface for Cisco Email Security Appliances and Cisco Content Security Management Appliances relates to the disclosure of information during data transmission. Exploiting this vulnerability could allow an attacker to gain unauthorized access t...
Vulnerability fixed in Cisco ESA and SMA
A vulnerability has been fixed in the web-based administrator interface of Cisco AsyncOS for Cisco ESA and SMA. The vulnerability allows an authenticated remote malicious party to obtain sensitive data. Cisco has released updates to fix the vulnerability. More information can be found on the...
CVE-2021-1271
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the...
CVE-2021-1271 Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the...
CVE-2021-1271
CVE-2021-1271 affects Cisco Web Security Appliance (WSA) AsyncOS. The issue is a stored cross-site scripting (XSS) vulnerability in the web-based management interface caused by improper validation of user-supplied input. An authenticated, remote attacker could exploit this in the affected interfa...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability
The Cisco Web Security Appliance (WSA) is a web security appliance from Cisco. The appliance provides SaaS-based access control, real-time web reporting and tracking, and security policy formulation. AsyncOS Software is the operating system used in the appliance. A cross-site scripting vulnerability...
The vulnerability of the spam protection mechanism in the Cisco AsyncOS operating system of the Cisco Email Security Appliance (ESA) allows a hacker to bypass the URL filtering.
The vulnerability of the spam protection mechanism in Cisco’s operating system, Cisco AsyncOS, within Cisco Email Security Appliance (ESA), is related to errors during the validation of incoming URL addresses. Exploiting this vulnerability could allow a malicious actor to bypass the URL filtering...
The vulnerability in the subscription subsystem of Cisco AsyncOS allows a hacker to increase their privileges.
The vulnerability of the subscription subsystem for Cisco AsyncOS relates to the lack of measures to neutralize special elements used in the operating system command. Exploiting this vulnerability can allow attackers to enhance their privileges...
Command injection
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance, formerly Web Security Appliance, could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...
CVE-2020-3367
The CVE-2020-3367 issue affects Cisco AsyncOS for the Cisco Secure Web Appliance (WSA). It targets the log subscription subsystem where insufficient validation of user-supplied input enables an authenticated, local attacker to inject commands via the web interface or CLI and elevate to root. Impa...
Cisco AsyncOS Operating System Command Injection Vulnerability
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. Cisco AsyncOS for the Cisco Secure Web Appliance suffers from an operating system command injection vulnerability that stems from insufficient validation of user-supplied web interface and CLI input. The vulnerability can be...