CVE-2018-0353
A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system...
CVE-2018-0087
A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential...
Design/Logic Flaw
A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential...
CVE-2018-0087
CVE-2018-0087 affects Cisco Web Security Appliance (WSA) via an FTP authentication bypass. Affects AsyncOS for WSA on virtual/hardware appliances running AsyncOS 10.5.1; vulnerability arises from incorrect FTP credential validation. If FTP is enabled on the management interface, an unauthenticate...
CVE-2018-0095
CVE-2018-0095 affects Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA). A locally authenticated attacker with at least guest privileges can exploit an incorrect networking configuration in the administrative shell CLI to escalate to root. Cisco released advisor...
CVE-2018-0095
A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential wi...
Cisco Email Security Appliance Security Bypass Vulnerability (CNVD-2017-36396)
The Cisco Email Security Appliance (ESA) is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system used in it. Multipurpose Internet Mail Extensions (MIME) scanner is on...
Input validation
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...
CVE-2017-12353
The CVE-2017-12353 issue affects Cisco AsyncOS Software on Cisco Email Security Appliances (ESA). The MIME scanner component fails to properly handle malformed MIME headers in email attachments, enabling an unauthenticated, remote attacker to bypass configured user filters by sending a crafted MI...
Cisco Email Security Appliance Header Bypass Vulnerability
A vulnerability in the Simple Mail Transfer Protocol (SMTP) header filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper handling...
CVE-2017-12215
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted,...
CVE-2017-12215
The CVE-2017-12215 entry concerns Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA). A vulnerability in the email message filtering feature allows an unauthenticated, remote attacker to exhaust device memory, causing the filtering process to crash and leading to a DoS as email f...
Cisco AsyncOS Software Denial of Service Vulnerability
The Cisco Email Security Appliance (ESA) is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system used in it. A denial of service vulnerability exists in the email message filtering feature of AsyncOS Software in the Cisco ESA, which arises from the program...
Cross site scripting
A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The...
CVE-2017-12218
CVE-2017-12218 concerns Cisco AsyncOS AMP malware-detection in Cisco ESAs. The issue is a failure to scan certain EML attachments, allowing an unauthenticated remote attacker to deliver a malware-laden attachment to end users and bypass email content filtering. Affected product: Cisco AsyncOS Sof...
CVE-2017-6746
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10...