Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced...

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat APT actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The networking...

Cisco Multiple Products Improper Input Validation Vulnerability

Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance...

EUVD-2016-7385

Malware in sbrugna...

EUVD-2018-1176

Malware in sbrugna...

EUVD-2019-4297

Malware in sbrugna...

EUVD-2017-12987

Malware in sbrugna...

EUVD-2016-7283

Malware in sbrugna...

EUVD-2018-0911

Malware in sbrugna...

EUVD-2018-1233

Malware in sbrugna...

EUVD-2024-17973

Malicious code in bioql PyPI...

EUVD-2021-6892

Malicious code in bioql PyPI...

EUVD-2025-2171

Malicious code in bioql PyPI...

EUVD-2023-24299

Malicious code in bioql PyPI...

CVE-2024-20504

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface...

CVE-2020-3548

A vulnerability in the Transport Layer Security TLS protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service DoS condition. The...

CVE-2012-0334

Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks...

CVE-2025-20180

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...

Cisco Secure Email Gateway Command Injection (cisco-sa-esa-sma-wsa-multi-yKUJhS34)

According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform...

Cisco Secure Email Gateway Privelege Escalation (cisco-sa-esa-sma-wsa-multi-yKUJhS34)

According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance coul...