Cisco Secure Email and Web Manager RCE (cisco-sa-sma-attack-N9bf4)

According to its self-reported version, Cisco Secure Email and Web Manager is affected by a vulnerability. - A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attack...

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced...

Cisco Secure Email Gateway RCE (cisco-sa-sma-attack-N9bf4)

According to its self-reported version, Cisco Secure Email Gateway is affected by a remote code execution vulnerability. - A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated,...

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat APT actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The networking...

Vulnerability in Cisco AsyncOS

Cisco has a vulnerability in Cisco AsyncOS. The vulnerability is in devices using Cisco AsyncOS software in conjunction with Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Exploitation requires the service to be accessible from the Internet and the Spam Quarantine feature to b...

CVE-2025-20393

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

CVE-2025-20393

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

VulnCheck KEV: CVE-2025-20393

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

EUVD-2013-3321

Malware in sbrugna...

EUVD-2008-2824

Malware in sbrugna...

EUVD-2018-0963

Malware in sbrugna...

EUVD-2015-4345

Malware in sbrugna...

EUVD-2007-3780

Malware in sbrugna...

EUVD-2021-7028

Malicious code in bioql PyPI...

CVE-2013-3386

The IronPort Spam Quarantine ISQ component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers...

CVE-2021-1561

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists...

CVE-2021-1561

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists...

Code injection

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists...

CVE-2021-1561 Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists...

CVE-2021-1561

Cisco Secure Email and Web Manager (formerly SMA) contains CVE-2021-1561: an authenticated remote attacker can gain unauthorized access to and modify another user’s spam quarantine settings due to improper restriction of the spam-quarantine feature. Exploitation involves sending malicious request...