CVE-2025-20393 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

PT-2025-5713 · Cisco · Cisco Secure Web Appliance +2

Name of the Vulnerable Software and Affected Versions: Cisco Secure Email and Web Manager affected versions not specified Cisco Secure Email Gateway affected versions not specified Cisco Secure Web Appliance affected versions not specified Description: A vulnerability in Simple Network Management...

The vulnerability in the web interface for controlling Cisco AsyncOS devices, including Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance, allows attackers to execute XSS attacks.

The vulnerability in the web interface for managing Cisco AsyncOS devices, including Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance, is related to deficiencies in the security measures used to protect the structure of web pages. Exploiting this vulnerability...

CVE-2024-20256

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVE-2023-20028

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance ESA; and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance WSA, could allow a remote...

The vulnerability in the web interface of the Cisco AsyncOS operating system of the Cisco Secure Email and Web Manager devices allows attackers to carry out attacks using cross-site scripting (XSS).

The vulnerability in the web interface of the Cisco AsyncOS operating system of the Cisco Secure Email and Web Manager devices exists due to the lack of measures taken to protect the structure of the web pages. Exploiting this vulnerability allows a malicious actor, who operates remotely and has...

CVE-2023-20028

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance ESA; and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance WSA, could allow a remote...

Vulnerabilities fixed in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager.

Cisco has fixed vulnerabilities in Email Security Appliance ESA and Secure Email and Web Manager. A malicious party with prior authentication could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code execute arbitrary code with elevated privileges,...

CVE-2022-20867

A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileg...

The vulnerability of the external authentication function of the Cisco Secure Email and Web Manager (formerly known as Cisco Security Management Appliance and Cisco Email Security Appliance) relates to access control errors, allowing attackers to gain full access to the device’s web interface.

The vulnerability of the external authentication function of Cisco Secure Email and Web Manager formerly known as Cisco Security Management Appliance and Cisco Email Security Appliance is related to access control errors. Exploiting this vulnerability can allow an attacker, operating remotely, to...

The vulnerabilities in the implementation of the TCP/IP protocol stack of Cisco Email Security Appliance, Cisco Web Security Appliance web servers, and Cisco Secure Email and Web Manager (formerly known as Cisco Security Management Appliance) allow attackers to induce service interruptions.

The vulnerability of the TCP/IP protocol stack implementation of Cisco Email Security Appliance, Cisco Web Security Appliance, and Cisco Secure Email and Web Manager formerly Cisco Security Management Appliance is related to an exception handling error. Exploitation of this vulnerability could...

CVE-2022-20675

A vulnerability in the TCP/IP stack of Cisco Email Security Appliance ESA, Cisco Web Security Appliance WSA, and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol SNMP service...