736 matches found
Code injection
The FTP service in Cisco AsyncOS on Email Security Appliance ESA devices 9.6.0-000 through 9.9.6-026, Web Security Appliance WSA devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance SMA devices allows remote attackers to cause a denial of service via a flood of FTP...
CVE-2016-6416
The FTP service in Cisco AsyncOS on Email Security Appliance ESA devices 9.6.0-000 through 9.9.6-026, Web Security Appliance WSA devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance SMA devices allows remote attackers to cause a denial of service via a flood of FTP...
CVE-2016-6416
The CVE-2016-6416 issue affects Cisco AsyncOS on ESA, WSA, and SMA devices. The local FTP service could be flooded by remote attackers, causing DoS due to lack of throttling. Affected versions include ESA 9.6.0-000 through 9.9.6-026, WSA 9.0.0-162 through 9.5.0-444, and SMA in the same family. Ro...
Cisco Content Security Management Appliance File Transfer Protocol Denial of Service Vulnerability (cisco-sa-20160928-aos)
A vulnerability in the local File Transfer Protocol FTP service on the Cisco AsyncOS for Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be...
Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability
A vulnerability in the local File Transfer Protocol FTP service on the Cisco AsyncOS for Email Security Appliance ESA, Web Security Appliance WSA, and Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The...
CVE-2016-6406
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance ESA devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debuggin...
Design/Logic Flaw
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance ESA devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debuggin...
CVE-2016-6406
Cisco IronPort AsyncOS on Cisco Email Security Appliances (ESA) is affected by a remote code execution vulnerability (CVE-2016-6406) due to an internal testing/debugging interface present on affected releases. When Enrollment Client before 1.0.2-065 is installed, an unauthenticated remote attacke...
CVE-2016-6406
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance ESA devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debuggin...
Cisco Web Security Appliance AsyncOS Denial of Service Vulnerability (CNVD-2016-07730)
Cisco AsyncOS on Web Security Appliance WSA is a set of operating systems running in Web Security Appliance WSA from Cisco USA. A denial of service vulnerability exists in AsyncOS 9.5.0-444 and earlier versions on the Cisco WSA appliance. A remote attacker could exploit this vulnerability by...
CVE-2016-6407
Cisco AsyncOS through 9.5.0-444 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service link saturation by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219...
CVE-2016-6407
Cisco AsyncOS through 9.5.0-444 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service link saturation by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219...
Code injection
Cisco AsyncOS through 9.5.0-444 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service link saturation by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219...
CVE-2016-6407
CVE-2016-6407 affects Cisco Web Security Appliance AsyncOS prior to 9.5.0-444. The issue is a denial-of-service condition caused by the device processing many overlapping HTTP byte-range requests, leading to link saturation. A remote attacker can trigger the DoS without authentication by issuing ...
CVE-2016-6407
Cisco AsyncOS through 9.5.0-444 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service link saturation by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219...
Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability
A vulnerability in HTTP request forwarding with Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to link saturation. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted...
Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability
A vulnerability in HTTP request forwarding with Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to link saturation. The vulnerability is due to how HTTP data ranges are downloaded from the destinatio...
CVE-2016-1461
Cisco AsyncOS on Email Security Appliance ESA devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932...
Design/Logic Flaw
Cisco AsyncOS on Email Security Appliance ESA devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932...
CVE-2016-1461
Cisco AsyncOS on Email Security Appliance ESA devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932...