6 matches found
CVE-2019-12635
CVE-2019-12635 affects Cisco’s Content Security Management Appliance (SMA) software. The issue is in the authorization module where role permission controls are not correctly enforced, enabling an authenticated, remote attacker with a crafted/custom role to cause out-of-scope access to users’ ema...
CVE-2020-3164
Summary: CVE-2020-3164 is a GUI Denial of Service vulnerability in Cisco AsyncOS web interfaces for the Cisco Email Security Appliance (ESA), Web Security Appliance (WSA), and Content Security Management Appliance (SMA). It stems from improper validation of specific HTTP request headers, allowing...
CVE-2020-3117
CVE-2020-3117 affects Cisco AsyncOS API Framework in Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA). The vulnerability allows an unauthenticated, remote attacker to inject arbitrary HTTP headers into HTTP responses due to insufficient validation of user i...
CVE-2020-3178
Cisco Content Security Management Appliance (SMA) Open Redirect vulnerabilities (CVE-2020-3178) affect the web-based GUI of Cisco AsyncOS/SMA. Multiple issues arise from improper input validation of HTTP request parameters, allowing an unauthenticated, remote attacker to intercept and modify requ...
CVE-2020-3447
The CVE-2020-3447 issue affects Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA). Affected component: CLI log subscriptions that are overly verbose, enabling an authenticated attacker with operator-level credentials (or higher) to access...
CVE-2021-1447
CVE-2021-1447 describes a local privilege-escalation in Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) due to a flaw in the password generation algorithm. An authenticated Administrator can exploit this by enabling specific Administrator-only features and connecting to the ap...