736 matches found
Command injection
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10...
Cross site scripting
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials...
CVE-2017-6746
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10...
CVE-2017-6746
The CVE-2017-6746 entry describes a command-injection and root-privilege escalation vulnerability in the web interface of Cisco Web Security Appliance (WSA) running Cisco AsyncOS. Impact requires an authenticated administrator, and the flaw allows remote command execution with root privileges via...
CVE-2017-6746
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10...
Cisco Web Security Appliance Static Credentials Vulnerability
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI. The vulnerability is due to a us...
Cisco Email Security Appliance Attachment Filter Bypass Vulnerability
The Cisco Email Security Appliance is a suite of email security appliances. Cisco Content Security Management is a unified email and Web security management solution. An email scanning vulnerability exists in the Cisco AsyncOS Software in the Cisco Email Security Appliance (ESA) appliance that stems...
Design/Logic Flaw
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Release...
CVE-2017-6671
CVE-2017-6671 affects Cisco AsyncOS for Cisco Email Security Appliance (ESA). The vulnerability resides in the email message scanning feature, where improper validation of emails with attachments and a modified MIME header can allow an unauthenticated, remote attacker to bypass configured filters...
Cisco Email Security Appliance Attachment Filter Bypass Vulnerability
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device.
Information disclosure
A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco...
CVE-2017-3870
CVE-2017-3870 is a vulnerability in the URL filtering feature of Cisco AsyncOS for Cisco Web Security Appliance (WSA) that could allow an unauthenticated, remote attacker to bypass a configured URL filter. Affected: all releases prior to the first fixed release of Cisco AsyncOS for WSA, on both v...
CVE-2017-3870
A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco...
CVE-2017-3827
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This...
CVE-2017-3827
CVE-2017-3827 affects Cisco AsyncOS MIME scanner in Cisco ESA/WSA. A remote, unauthenticated attacker can bypass configured user filters due to improper handling of malformed MIME headers, enabling bypass of filter protections on affected devices. Affected releases include Cisco ESA/WSA versions ...
Cisco AsyncOS for Email and Web Security Appliances Remote Security Bypass Vulnerability
Cisco AsyncOS for Email and Web Security Appliance (WSA) are both products of Cisco, Inc. and are a set of network security appliances. Cisco AsyncOS is a set of operating systems used in these products. A remote security bypass vulnerability exists in Cisco AsyncOS for Email and Web Security...
Cisco AsyncOS Software for Cisco WSA Filtering Bypass Vulnerability
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device.
Cisco AsyncOS Software for Cisco ESA Filtering Bypass Vulnerability
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...
Cisco Email Security Appliance for AsyncOS Security Bypass Vulnerability
Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) is a set of operating systems used in Email Security Appliances (ESA) from Cisco USA. A security vulnerability exists in the Multipurpose Internet Mail Extensions (MIME) scanner in the Cisco AsyncOS Software for Cisco ESA. A remote attack...
CVE-2017-3818
Cisco AsyncOS for Cisco Email Security Appliances (ESA) contains a vulnerability in the MIME scanner that allows an unauthenticated, remote attacker to bypass configured user filters via a malformed MIME header in attachments. Affected releases are all prior to the first fixed release (9.8.0-092)...