11 matches found
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced...
Cisco多款产品 信息泄露漏洞
Cisco Secure Web Appliance and others are products of Cisco USA.Cisco Secure Web Appliance is an application.Cisco Secure Email and Web Manager is a secure email and web manager.Cisco Secure Email Gateway is a secure email gateway software. An information disclosure vulnerability exists in variou...
CVE-2024-20256
The CVE-2024-20256 entry concerns Cisco AsyncOS Web UI vulnerabilities in Cisco Secure Email and Web Manager and Secure Web Appliance. The issue stems from insufficient input validation in the web-based management interface, allowing an authenticated, remote attacker to lure a user into clicking ...
CVE-2023-20009
A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway ESA and Cisco Secure Email and Web Manager SMA could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a...
Cisco Secure Email and Web Manager Information Disclosure (cisco-sa-cnt-sec-infodiscl-BVKKnUG)
According to its self-reported version, Cisco Secure Email and Web Manager is affected by an information disclosure vulnerability that could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to...
CVE-2022-20942
A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance WSA, could allow an authenticated, remote attacker to retrieve sensitive information from...
CVE-2022-20772
CVE-2022-20772 affects Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager. The issue is an HTTP Response Header Injection/HTTP response splitting caused by insufficient input sanitization, allowing an unauthenticated, remote attacker to inject headers and influence the re...
Vulnerabilities fixed in Cisco ESA, SWA and Secure Email and Web Manager
Cisco has fixed several vulnerabilities in Cisco Email Security Appliance ESA, Secure Web Appliance SWA, vh. Web Security Appliance and the Secure Email and Web Manager. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to execute arbitrary commands execute with ro...
Cisco Secure Email and Web Manager Multiple Vulnerabilities (cisco-sa-esasmawsa-vulns-YRuSW5mD)
According to its self-reported version, Cisco Secure Email and Web Manager is affected by multiple vulnerabilities. - an SQL injection vulnerability that could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. To exploit this vulnerability, an...
Vulnerabilities fixed in Cisco Email Security Appliance, Secure Email and Web Manager
Vulnerabilities have been fixed in Cisco Email Security Appliance and Cisco Secure Email and Web Manager. The vulnerability with reference CVE-2022-20798 allows an unauthenticated remote malicious person able to bypass authentication bypass authentication and thereby log into the Web management...
CVE-2021-1561 Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability
A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists...