Asyncos Security Vulnerabilities and Issues — Asyncos CVE List

Lucene search

CiscoAsyncos

8 matches found

CVE•added 2022/11/04 6:15 p.m.•88 views

CVE-2022-20867

A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged...

6.5CVSS6.7AI score0.00046EPSS

CVE•added 2024/05/15 6:15 p.m.•74 views

CVE-2024-20392

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to the...

6.1CVSS6.1AI score0.00174EPSS

CVE•added 2018/03/08 7:29 a.m.•60 views

CVE-2018-0087

A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential ...

6.8CVSS5.5AI score0.00279EPSS

CVE•added 2024/11/18 4:15 p.m.•58 views

CVE-2021-1425

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device.The vulnerability exists because confidential information is bein...

6.5CVSS4.5AI score0.00136EPSS

CVE•added 2022/11/04 6:15 p.m.•58 views

CVE-2022-20942

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information fr...

6.5CVSS6.2AI score0.00135EPSS

CVE•added 2024/05/15 6:15 p.m.•47 views

CVE-2024-20258

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validat...

6.1CVSS6.7AI score0.0013EPSS

CVE•added 2025/02/05 5:15 p.m.•46 views

CVE-2025-20185

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authent...

6.7CVSS7.5AI score0.0002EPSS

CVE•added 2020/09/04 3:15 a.m.•45 views

CVE-2020-3547

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an aff...

6.5CVSS5.2AI score0.00172EPSS