Lucene search
K

11 matches found

The Hacker News
The Hacker News
added 2026/01/16 5:38 a.m.8 views

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced...

10CVSS7.8AI score0.2906EPSS
Exploits2
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.4 views

Cisco多款产品 信息泄露漏洞

Cisco Secure Web Appliance and others are products of Cisco USA.Cisco Secure Web Appliance is an application.Cisco Secure Email and Web Manager is a secure email and web manager.Cisco Secure Email Gateway is a secure email gateway software. An information disclosure vulnerability exists in variou...

4.3CVSS5.9AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2024/05/15 5:56 p.m.70 views

CVE-2024-20256

The CVE-2024-20256 entry concerns Cisco AsyncOS Web UI vulnerabilities in Cisco Secure Email and Web Manager and Secure Web Appliance. The issue stems from insufficient input validation in the web-based management interface, allowing an authenticated, remote attacker to lure a user into clicking ...

4.8CVSS6.6AI score0.00294EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/03/01 8:15 a.m.4 views

CVE-2023-20009

A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway ESA and Cisco Secure Email and Web Manager SMA could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a...

7.2CVSS7.5AI score0.01262EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/11/07 12:0 a.m.21 views

Cisco Secure Email and Web Manager Information Disclosure (cisco-sa-cnt-sec-infodiscl-BVKKnUG)

According to its self-reported version, Cisco Secure Email and Web Manager is affected by an information disclosure vulnerability that could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to...

6.5CVSS6.6AI score0.00891EPSS
Exploits0References3
OSV
OSV
added 2022/11/04 6:15 p.m.4 views

CVE-2022-20942

A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance WSA, could allow an authenticated, remote attacker to retrieve sensitive information from...

6.5CVSS5.8AI score0.00891EPSS
Exploits0References1
CVE
CVE
added 2022/11/03 7:32 p.m.74 views

CVE-2022-20772

CVE-2022-20772 affects Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager. The issue is an HTTP Response Header Injection/HTTP response splitting caused by insufficient input sanitization, allowing an unauthenticated, remote attacker to inject headers and influence the re...

5.3CVSS5.3AI score0.00546EPSS
Exploits0References1Affected Software1
NCSC
NCSC
added 2022/11/03 12:0 a.m.4 views

Vulnerabilities fixed in Cisco ESA, SWA and Secure Email and Web Manager

Cisco has fixed several vulnerabilities in Cisco Email Security Appliance ESA, Secure Web Appliance SWA, vh. Web Security Appliance and the Secure Email and Web Manager. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to execute arbitrary commands execute with ro...

8.8CVSS7.6AI score0.00891EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/11/03 12:0 a.m.23 views

Cisco Secure Email and Web Manager Multiple Vulnerabilities (cisco-sa-esasmawsa-vulns-YRuSW5mD)

According to its self-reported version, Cisco Secure Email and Web Manager is affected by multiple vulnerabilities. - an SQL injection vulnerability that could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. To exploit this vulnerability, an...

8.8CVSS7.5AI score0.0075EPSS
Exploits0References4
NCSC
NCSC
added 2022/06/16 12:0 a.m.4 views

Vulnerabilities fixed in Cisco Email Security Appliance, Secure Email and Web Manager

Vulnerabilities have been fixed in Cisco Email Security Appliance and Cisco Secure Email and Web Manager. The vulnerability with reference CVE-2022-20798 allows an unauthenticated remote malicious person able to bypass authentication bypass authentication and thereby log into the Web management...

9.8CVSS6.9AI score0.01427EPSS
Exploits0
Cvelist
Cvelist
added 2021/08/18 7:40 p.m.28 views

CVE-2021-1561 Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists...

5.4CVSS5.9AI score0.00743EPSS
Exploits0References1
Rows per page
Query Builder