Lucene search
K
CiscoContent Security Management Appliance

27 matches found

CVE
CVE
added 2016/09/01 12:0 a.m.2084 views

CVE-2016-2183

The CVE-2016-2183 (Sweet32) issue stems from the DES/3DES ciphers used in TLS/SSL, allowing a birthday attack to recover plaintext from long, encrypted sessions. Public advisories and vendor notes show OpenSSL-based stacks (and products relying on it) were affected, with mitigations including de-...

7.5CVSS6.5AI score0.95707EPSS
In wildWeb
CVE
CVE
added 2019/09/05 1:20 a.m.143 views

CVE-2019-12635

CVE-2019-12635 affects Cisco’s Content Security Management Appliance (SMA) software. The issue is in the authorization module where role permission controls are not correctly enforced, enabling an authenticated, remote attacker with a crafted/custom role to cause out-of-scope access to users’ ema...

4.3CVSS4.8AI score0.01021EPSS
CVE
CVE
added 2020/03/04 6:40 p.m.95 views

CVE-2020-3164

Summary: CVE-2020-3164 is a GUI Denial of Service vulnerability in Cisco AsyncOS web interfaces for the Cisco Email Security Appliance (ESA), Web Security Appliance (WSA), and Content Security Management Appliance (SMA). It stems from improper validation of specific HTTP request headers, allowing...

5.3CVSS5.3AI score0.01281EPSS
CVE
CVE
added 2020/09/23 12:25 a.m.78 views

CVE-2020-3117

CVE-2020-3117 affects Cisco AsyncOS API Framework in Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA). The vulnerability allows an unauthenticated, remote attacker to inject arbitrary HTTP headers into HTTP responses due to insufficient validation of user i...

4.7CVSS5AI score0.00929EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.75 views

CVE-2017-6661

CVE-2017-6661 affects Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA). The issue is a cross-site scripting (XSS) vulnerability in the web-based management interface that allows an unauthenticated, remote attacker to execute script code in the context of ...

6.1CVSS5.9AI score0.01242EPSS
CVE
CVE
added 2021/01/20 7:35 p.m.74 views

CVE-2021-1129

The CVE-2021-1129 vulnerability affects Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA). Root cause: missing requirement for a secure authentication token when accessing the general purpose APIs, allowing an unauthent...

5.3CVSS5.1AI score0.01142EPSS
CVE
CVE
added 2016/12/14 12:37 a.m.73 views

CVE-2016-1411

CVE-2016-1411 affects Cisco AsyncOS Software used on Email Security Appliances (ESA), Web Security Appliances (WSA), and Content Management Security Appliances (SMA). The issue stems from lack of certificate validation during HTTPS updates, allowing an unauthenticated attacker to perform a man-in...

5.9CVSS5.8AI score0.01121EPSS
CVE
CVE
added 2020/05/06 4:35 p.m.73 views

CVE-2020-3178

Cisco Content Security Management Appliance (SMA) Open Redirect vulnerabilities (CVE-2020-3178) affect the web-based GUI of Cisco AsyncOS/SMA. Multiple issues arise from improper input validation of HTTP request parameters, allowing an unauthenticated, remote attacker to intercept and modify requ...

6.1CVSS6.4AI score0.00843EPSS
CVE
CVE
added 2015/11/06 2:0 a.m.72 views

CVE-2015-6321

Cisco AsyncOS contains a denial-of-service vulnerability (CVE-2015-6321) in the network stack triggered by a flood of TCP packets, leading to memory exhaustion and disruption of new TCP connections. Affected products include Cisco Email Security Appliance (ESA) on various 8.5.x–9.6.x branches, Ci...

7.8CVSS6.6AI score0.02764EPSS
CVE
CVE
added 2020/09/23 12:25 a.m.72 views

CVE-2019-1983

CVE-2019-1983 affects Cisco AsyncOS for ESA and SMA. The vulnerability stems from insufficient input validation of email attachments in the email message filtering feature, allowing an unauthenticated, remote attacker to cause repeated crashes of internal processes, resulting in a DoS and unavail...

7.8CVSS5.7AI score0.01863EPSS
CVE
CVE
added 2017/08/17 8:0 p.m.70 views

CVE-2017-6783

CVE-2017-6783 affects Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA). The root cause is that these devices do not protect confidential information at rest in SNMP poll responses, enabling an authenticated, remote attacker to dis...

4.3CVSS4.4AI score0.01339EPSS
CVE
CVE
added 2013/07/02 1:0 a.m.68 views

CVE-2013-3395

CVE-2013-3395 describes a CSRF flaw in the web framework of Cisco IronPort products (Web Security Appliance, Email Security Appliance, Content Security Management Appliance). The vulnerability allows remote attackers to hijack the authentication of arbitrary users by inducing them to perform unwa...

6.8CVSS7.5AI score0.00576EPSS
CVE
CVE
added 2021/05/06 12:51 p.m.67 views

CVE-2021-1516

CVE-2021-1516 affects Cisco AsyncOS Software on the Cisco Content Security Management Appliance (SMA), Email Security Appliance (ESA), and Web Security Appliance (WSA). Root cause: confidential information is included in HTTP requests exchanged between the user and the device, allowing an authent...

6.5CVSS5.2AI score0.01156EPSS
CVE
CVE
added 2020/08/17 6:0 p.m.65 views

CVE-2020-3447

The CVE-2020-3447 issue affects Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA). Affected component: CLI log subscriptions that are overly verbose, enabling an authenticated attacker with operator-level credentials (or higher) to access...

6.5CVSS5.6AI score0.00738EPSS
CVE
CVE
added 2014/03/20 8:0 p.m.64 views

CVE-2014-2119

The CVE-2014-2119 issue affects Cisco AsyncOS for Email Security Appliance (ESA) and Content Security Management Appliance (SMA). The End User Safelist/Blocklist (SLBL) service permits an authenticated remote user to execute arbitrary code with root privileges by uploading a modified SLBL databas...

8.5CVSS7.6AI score0.02752EPSS
CVE
CVE
added 2018/02/08 7:0 a.m.62 views

CVE-2018-0140

The CVE-2018-0140 issue affects Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (CSMA). It stems from a lack of verification of authenticated user accounts, enabling an authenticated remote attacker to download arbitrary messages from the spam quarantine by mo...

6.5CVSS6.3AI score0.01573EPSS
CVE
CVE
added 2015/08/19 3:0 p.m.60 views

CVE-2015-4322

Cisco SMA exposes a privilege-escalation flaw in LDAP auth handling. Affected: SMA 8.3.6-039, 9.1.0-31, 9.1.0-103. An authenticated remote attacker can read/write another user’s Spam Quarantine via the spam-notification URL due to improper authentication privileges. Advisory Cisco-SA-20150814-CVE...

5.5CVSS6.6AI score0.01697EPSS
CVE
CVE
added 2014/05/20 10:0 a.m.58 views

CVE-2014-2195

CVE-2014-2195 affects Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA). When Active Directory is enabled, the software does not properly handle group names, enabling a remote attacker to gain role privileges by exploiting group-name similarity (Bug I...

4.3CVSS7.2AI score0.01246EPSS
CVE
CVE
added 2015/02/21 11:0 a.m.58 views

CVE-2015-0624

Cisco AsyncOS web framework on ESA, SMA, and WSA is vulnerable to an HTTP header injection flaw due to insufficient validation of header values (notably Host/X-Forwarded-Host). A remote attacker can trigger redirects to arbitrary URLs by sending crafted HTTP headers, potentially aided by publicly...

4.3CVSS6.8AI score0.02157EPSS
CVE
CVE
added 2016/10/05 5:0 p.m.58 views

CVE-2016-6416

The CVE-2016-6416 issue affects Cisco AsyncOS on ESA, WSA, and SMA devices. The local FTP service could be flooded by remote attackers, causing DoS due to lack of throttling. Affected versions include ESA 9.6.0-000 through 9.9.6-026, WSA 9.0.0-162 through 9.5.0-444, and SMA in the same family. Ro...

5.9CVSS5.7AI score0.0202EPSS
CVE
CVE
added 2015/07/29 1:0 a.m.57 views

CVE-2015-4288

CVE-2015-4288 affects Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048. The LDAP server in these devices does not verify X.509 certificates from SSL servers, enabling a man-in-the-middle attacker to s...

4.3CVSS6.1AI score0.00477EPSS
CVE
CVE
added 2013/06/26 9:0 p.m.53 views

CVE-2013-3396

CVE-2013-3396 is a reflected XSS vulnerability in Cisco Content Security Management Appliance (SMA) web framework. OpenVAS notes Cisco IronPort SMA XSS/CSRF issues, with CVE-2013-3396 listed and the OpenVAS payload pointing to a lack of output escaping in the default error 500 page, causing refle...

4.3CVSS5.9AI score0.00931EPSS
CVE
CVE
added 2013/10/24 10:0 a.m.52 views

CVE-2013-5537

The CVE-2013-5537 issue affects Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA). The web framework does not properly manage HTTP/HTTPS session state, allowing an unauthenticated remote attacker to cause a denial of service (manag...

7.8CVSS7AI score0.01328EPSS
CVE
CVE
added 2018/11/08 5:0 p.m.52 views

CVE-2018-15393

The CVE-2018-15393 issue affects Cisco Content Security Management Appliance (SMA) via the web-based management interface. The root cause is insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to lure a user into clicking a malicious link and execute arbit...

6.1CVSS5.3AI score0.01232EPSS
CVE
CVE
added 2014/06/10 10:0 a.m.49 views

CVE-2014-3289

CVE-2014-3289 is a reflected XSS vulnerability in Cisco AsyncOS used by ESA, WSA, and SMA. The issue stems from insufficient input validation of the date_range parameter on the web management interface (notably monitor/reports/overview). A remote attacker can inject arbitrary script by tricking a...

4.3CVSS5.6AI score0.02426EPSS
Web
CVE
CVE
added 2021/05/06 12:40 p.m.48 views

CVE-2021-1447

CVE-2021-1447 describes a local privilege-escalation in Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) due to a flaw in the password generation algorithm. An authenticated Administrator can exploit this by enabling specific Administrator-only features and connecting to the ap...

7.2CVSS6.9AI score0.00275EPSS
CVE
CVE
added 2015/09/14 1:0 a.m.47 views

CVE-2015-6288

CVE-2015-6288 affects Cisco Content Security Management Appliance (SMA) 7.8.0-000. The issue is a web-interface vulnerability where insufficient validation of credentials for incoming HTTP requests allows unauthenticated remote attackers to trigger a denial-of-service via rapid log-file rollover,...

5CVSS6.9AI score0.02211EPSS