Asyncos Security Vulnerabilities and Issues — Asyncos CVE List

Lucene search

CiscoAsyncos

9 matches found

CVE•added 2024/07/17 5:15 p.m.•104 views

CVE-2024-20435

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vul...

8.8CVSS7.5AI score0.0014EPSS

CVE•added 2019/07/04 8:15 p.m.•90 views

CVE-2019-1886

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker coul...

8.6CVSS8.5AI score0.0085EPSS

CVE•added 2022/11/04 6:15 p.m.•89 views

CVE-2022-20868

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this ...

8.8CVSS8.6AI score0.00095EPSS

CVE•added 2020/09/23 1:15 a.m.•73 views

CVE-2019-1947

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The v...

8.6CVSS8.4AI score0.02174EPSS

CVE•added 2019/11/26 3:15 a.m.•72 views

CVE-2019-15956

A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific UR...

8.8CVSS8.4AI score0.00195EPSS

CVE•added 2024/11/15 4:15 p.m.•71 views

CVE-2022-20871

A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.This vulnerability is due to insufficient validat...

8.8CVSS7.1AI score0.0029EPSS

CVE•added 2019/01/10 10:29 p.m.•68 views

CVE-2018-15460

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The ...

8.6CVSS8.4AI score0.00384EPSS

CVE•added 2021/10/06 8:15 p.m.•56 views

CVE-2021-34698

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the p...

8.6CVSS7.8AI score0.00517EPSS

CVE•added 2024/05/15 6:15 p.m.•49 views

CVE-2024-20383

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attac...

8.4CVSS6.3AI score0.00099EPSS