Cisco AsyncOS Software Code Execution Vulnerability
Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) contain a vulnerability that could allow an authenticated remote attacker to execute arbitrary code with the privileges of the root user. Cisco has released software updates that address th...
Cisco Ironport Bruteforce Login Utility
This module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncOS versions, and performs login brute force to identify valid credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
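Cisco Web Security Appliance Web Framework Arbitrary Command Execution Vulnerability (CVE-2013-3384)
CVECAN ID: CVE-2013-3384 Cisco Web Security Appliance is a secure web gateway that integrates malware protection, application visibility and control, policy control, and more on a single platform. Cisco IronPort AsyncOS is an email security appliance. In the web framework implementation of IronPort AsyncOS on Cisco Web Security Appliance devices, as well as on Content Security Management Appliance devices and Email Security...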
Cisco June 2013 Security Updates
Cisco’s Product Security Incident Response Team pushed out software updates for four different network security products. The fixes contain workarounds that can help users mitigate multiple denial-of-service and command-injection vulnerabilities recently found in Cisco’s software. The holes exist...
CVE-2013-3384
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management...
Command injection
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294...
CVE-2013-3385
CVE-2013-3385 affects Cisco IronPort AsyncOS management GUI across multiple Cisco devices (WSA, ESA, CMA). The vulnerability allows remote attackers to cause a denial of service (system hang) by sending a series of HTTP or HTTPS requests to the management interface. Affected versions include WSA ...
CVE-2013-3384
CVE-2013-3384 affects Cisco IronPort AsyncOS web framework across multiple Cisco security appliances (WSA, ESA, CSPMA). The vulnerability allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL. Affected versions include Cisco Web Security Appliance...
CVE-2013-3385
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance...
CVE-2013-3383
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294...
CVE-2013-3383
CVE-2013-3383 affects Cisco Web Security Appliance (IronPort AsyncOS) web framework. The vulnerability allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4. Affects AsyncOS on WSA devices pre-7.1.3-013, pre-7.5.0-838, and pre-7.7.0...
Cisco IronPort Web Security Appliance AsyncOS SSL Certificate Caching Vulnerability
Cisco IronPort Web Security Appliance AsyncOS software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks against a targeted system. The vulnerability is in the insecure SSL implementation of the affected operating system due to...
Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
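Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), Cisco Email Security Appliance (ESA), and Cisco Content Security Management Appliance (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Cisco has released...
IronPort AsyncOS Spam Quarantine Login Page Cross-Site Scripting Vulnerability
BUGTRAQ ID: 35203 CVECAN ID: CVE-2009-1162 The IronPort product line is a widely used family of email encryption gateways; AsyncOS is the operating system used by these products, designed specifically to address concurrent-communication bottlenecks and the limitations of file-based mail queues. The login page of the AsyncOS Spam Quarantine feature does not properly filter user-submitted requests; if a remote attacker submits a crafted login request carrying the referrer parameter, a cross-site scripting attack can be carried out, resulting in arbitrary code being injected and executed in the user's browser session. Cisco IronPort AsyncOS 6.5.1 Vendor patch: Cisco -----...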
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter...
CVE-2009-1162
Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances is affected by an XSS vulnerability in the Spam Quarantine login page, exploitable via the referrer parameter to inject arbitrary script/HTML in a user’s browser. Root cause: improper input handling on the login page. Impact: re...