736 matches found
CVE-2020-3117
CVE-2020-3117 affects Cisco AsyncOS API Framework in Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA). The vulnerability allows an unauthenticated, remote attacker to inject arbitrary HTTP headers into HTTP responses due to insufficient validation of user i...
CVE-2020-3117 Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient...
CVE-2020-3133 Cisco Email Security Appliance Content Filter Bypass Vulnerability
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit...
The vulnerability in the web interface of Cisco AsyncOS software for Cisco Email Security Appliances and Cisco Content Security Management Appliances, as well as for Cisco Web Security Appliances, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability in the web interface for managing Cisco AsyncOS software for Cisco Email Security Appliances, Cisco Content Security Management Appliances, and Cisco Web Security Appliances relates to an insecure method for masking certain passwords. Exploiting this vulnerability could allow an...
Cisco Email Security Appliance (ESA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)
According to its self-reported version, the Cisco Email Security Appliance (ESA) is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based management interfac...
Cisco Content Security Management Appliance (SMA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)
According to its self-reported version, the Cisco Content Security Management Appliance (SMA) is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based...
Cisco Web Security Appliance (WSA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)
According to its self-reported version, the Cisco Web Security Appliance (WSA) is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based management interface...
CVE-2020-3547
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affecte...
CVE-2020-3546
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...
Input validation
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...
CVE-2020-3547
Cisco AsyncOS software on ESA, SMA, and WSA exposes an information-disclosure vulnerability in the web-based management interface due to an insecure method for masking passwords in HTML. An authenticated, remote attacker connected to the management interface could view the raw HTML and potentiall...
CVE-2020-3547 Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affecte...
CVE-2020-3546 Cisco Email Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...
CVE-2020-3546
CVE-2020-3546 affects Cisco Email Security Appliance (ESA) running Cisco AsyncOS. The issue stems from insufficient validation of requests to the web-based management interface, allowing an unauthenticated, remote attacker to access sensitive information. Exploitation could disclose IP addresses ...
Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists...
Cisco Email Security Appliance Denial of Service Vulnerability
A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The...
CVE-2020-3447
A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive...