Lucene search
K
CiscoEmail Security Appliance

50 matches found

CVE
CVE
added 2019/07/06 1:25 a.m.439 views

CVE-2019-1921

The vulnerability CVE-2019-1921 affects Cisco AsyncOS Software for Cisco Email Security Appliance (ESA). It stems from improper input validation in the attachment scanning component, enabling an unauthenticated, remote attacker to bypass configured content filters by naming a malicious attachment...

7.5CVSS6.5AI score0.01413EPSS
CVE
CVE
added 2019/07/06 1:30 a.m.420 views

CVE-2019-1933

Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) contains an input-validation vulnerability in its email message scanning that can let an unauthenticated, remote attacker bypass configured message filters by sending a crafted email to an ESA-protected recipient. The issue stems fro...

7.4CVSS6.6AI score0.0124EPSS
CVE
CVE
added 2016/06/08 2:0 p.m.260 views

CVE-2016-1405

ClamAV libclamav vulnerability (CVE-2016-1405) allows remote attackers to cause a denial of service via a crafted document, affecting Cisco ESA appliances (before 9.7.0-125) and WSA appliances (before 9.0.1-135 and 9.1.x before 9.1.1-041). Root cause: parsing defect in libclamav leading to AMP pr...

7.5CVSS7.1AI score0.03406EPSS
CVE
CVE
added 2019/06/20 3:10 a.m.196 views

CVE-2019-1905

CVE-2019-1905 affects Cisco Email Security Appliance (ESA) running AsyncOS. The issue is in the GZIP decompression engine where improper validation of GZIP-formatted files allows an unauthenticated, remote attacker to bypass configured content filters by sending a crafted GZIP file. Impact is a b...

5.8CVSS5.6AI score0.01361EPSS
CVE
CVE
added 2022/06/15 5:55 p.m.143 views

CVE-2022-20664

CVE-2022-20664 affects Cisco Secure Email and Web Manager (SMA) and Cisco Email Security Appliance (ESA). The issue is an information-disclosure vulnerability in the web management interface caused by insufficient input sanitization when querying an external LDAP authentication server. An authent...

7.7CVSS7.5AI score0.00959EPSS
CVE
CVE
added 2020/01/26 4:31 a.m.138 views

CVE-2020-3134

Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) is affected by CVE-2020-3134 due to an improper validation of zip files in the zip decompression engine. The issue can be exploited by sending an email with a crafted zip- compressed attachment, potentially triggering a restart of th...

6.5CVSS6.5AI score0.01087EPSS
CVE
CVE
added 2023/02/16 3:25 p.m.109 views

CVE-2023-20075

The CVE-2023-20075 issue affects Cisco Secure Email Gateway (ESA) / Cisco Email Security Appliance CLI. It stems from improper input validation in the CLI, enabling an authenticated, local attacker to inject operating system commands into a legitimate CLI command and escape the restricted prompt ...

6.7CVSS6.9AI score0.00362EPSS
CVE
CVE
added 2023/02/16 3:25 p.m.107 views

CVE-2023-20009

CVE-2023-20009 affects Cisco’s Web UI and administrative CLI on the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA). The issue stems from processing of a specially crafted SNMP configuration file, which, if uploaded by an authenticated user with at least operator pri...

7.2CVSS7.3AI score0.01262EPSS
Web
CVE
CVE
added 2022/06/15 5:55 p.m.102 views

CVE-2022-20798

Cisco’s CVE-2022-20798 vulnerability affects Cisco Secure Email and Web Manager (SMA) and Cisco Email Security Appliance (ESA). The flaw arises from improper authentication checks when external authentication uses LDAP, allowing an unauthenticated, remote attacker to bypass login and access the w...

9.8CVSS9.8AI score0.01427EPSS
CVE
CVE
added 2020/03/04 6:40 p.m.95 views

CVE-2020-3164

Summary: CVE-2020-3164 is a GUI Denial of Service vulnerability in Cisco AsyncOS web interfaces for the Cisco Email Security Appliance (ESA), Web Security Appliance (WSA), and Content Security Management Appliance (SMA). It stems from improper validation of specific HTTP request headers, allowing...

5.3CVSS5.3AI score0.01281EPSS
CVE
CVE
added 2022/11/03 7:30 p.m.91 views

CVE-2022-20960

Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) is affected by CVE-2022-20960. The issue arises from improper handling of TLS connections, enabling an unauthenticated remote attacker to trigger a DoS by opening a large number of concurrent TLS connections. This can cause the ESA t...

7.5CVSS7.5AI score0.00778EPSS
CVE
CVE
added 2020/09/23 12:26 a.m.90 views

CVE-2019-1947

The CVE-2019-1947 issue affects Cisco Email Security Appliance (ESA) running AsyncOS, where the email message filtering feature mishandles messages with large attachments. This vulnerability can allow an unauthenticated, remote attacker to drive CPU utilization to 100%, creating a denial-of-servi...

8.6CVSS8.4AI score0.01918EPSS
CVE
CVE
added 2020/03/04 6:35 p.m.90 views

CVE-2020-3181

CVE-2020-3181 : Cisco AsyncOS for Cisco Email Security Appliances (ESA) contains an uncontrolled resource-exhaustion vulnerability in the malware detection/AMP path due to insufficient control over memory allocation. An unauthenticated remote attacker can send a crafted email to exhaust device re...

6.5CVSS6.4AI score0.01525EPSS
CVE
CVE
added 2020/02/19 7:16 p.m.82 views

CVE-2020-3132

Cisco AsyncOS for Cisco Email Security Appliance (ESA) is affected by CVE-2020-3132, a Denial of Service vulnerability in the email message scanning component caused by inadequate parsing of specific email body components. An unauthenticated, remote attacker can trigger a temporary DoS by sending...

7.1CVSS6.2AI score0.01508EPSS
CVE
CVE
added 2020/09/23 12:25 a.m.78 views

CVE-2020-3137

CVE-2020-3137 affects Cisco Email Security Appliance (ESA) web-based management interface. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient validation of user-supplied input in the web UI. An unauthenticated, remote attacker could lure a user to click a malicious lin...

6.1CVSS6AI score0.0084EPSS
CVE
CVE
added 2021/01/20 7:35 p.m.76 views

CVE-2021-1129

The CVE-2021-1129 vulnerability affects Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA). Root cause: missing requirement for a secure authentication token when accessing the general purpose APIs, allowing an unauthent...

5.3CVSS5.1AI score0.01142EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.75 views

CVE-2017-6661

CVE-2017-6661 affects Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA). The issue is a cross-site scripting (XSS) vulnerability in the web-based management interface that allows an unauthenticated, remote attacker to execute script code in the context of ...

6.1CVSS5.9AI score0.01242EPSS
CVE
CVE
added 2016/12/14 12:37 a.m.73 views

CVE-2016-1411

CVE-2016-1411 affects Cisco AsyncOS Software used on Email Security Appliances (ESA), Web Security Appliances (WSA), and Content Management Security Appliances (SMA). The issue stems from lack of certificate validation during HTTPS updates, allowing an unauthenticated attacker to perform a man-in...

5.9CVSS5.8AI score0.01121EPSS
CVE
CVE
added 2020/09/23 12:25 a.m.73 views

CVE-2019-1983

CVE-2019-1983 affects Cisco AsyncOS for ESA and SMA. The vulnerability stems from insufficient input validation of email attachments in the email message filtering feature, allowing an unauthenticated, remote attacker to cause repeated crashes of internal processes, resulting in a DoS and unavail...

7.8CVSS5.7AI score0.01863EPSS
CVE
CVE
added 2015/11/06 2:0 a.m.72 views

CVE-2015-6321

Cisco AsyncOS contains a denial-of-service vulnerability (CVE-2015-6321) in the network stack triggered by a flood of TCP packets, leading to memory exhaustion and disruption of new TCP connections. Affected products include Cisco Email Security Appliance (ESA) on various 8.5.x–9.6.x branches, Ci...

7.8CVSS6.6AI score0.02764EPSS
CVE
CVE
added 2021/06/16 5:45 p.m.71 views

CVE-2021-1566

CVE-2021-1566 affects Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) due to improper TLS certificate validation in the AMP for Endpoints integration (AsyncOS). A remote, unauthenticated attacker could perform a man-in-the-middle to intercept traffic between the device...

7.4CVSS7.2AI score0.0067EPSS
CVE
CVE
added 2016/10/28 10:0 a.m.70 views

CVE-2016-1423

The CVE-2016-1423 entry documents a vulnerability in Cisco AsyncOS for Cisco Email Security Appliance (ESA) affecting the Messages in Quarantine (MIQ) view. The issue arises from malformed HTML script tags in quarantined email messages, which could allow an unauthenticated remote attacker to caus...

6.1CVSS6.1AI score0.01543EPSS
CVE
CVE
added 2017/08/17 8:0 p.m.70 views

CVE-2017-6783

CVE-2017-6783 affects Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA). The root cause is that these devices do not protect confidential information at rest in SNMP poll responses, enabling an authenticated, remote attacker to dis...

4.3CVSS4.4AI score0.01339EPSS
CVE
CVE
added 2018/08/15 8:0 p.m.69 views

CVE-2018-0419

The CVE-2018-0419 issue involves Cisco Email Security Appliance (ESA). Affected component: attachment detection/filtration mechanisms. Root cause (as described): improper detection of content within executable (EXE) files, enabling a bypass of the ESA’s filtering. Exploitation scenario: unauthent...

7.5CVSS7.5AI score0.02818EPSS
CVE
CVE
added 2020/09/23 12:25 a.m.69 views

CVE-2020-3133

Cisco AsyncOS for Cisco Email Security Appliance (ESA) contains an input-validation flaw in the email-message scanning path that allows an unauthenticated, remote attacker to bypass content filters by sending a crafted email to a protected recipient. Root cause: improper validation of incoming em...

7.5CVSS6.5AI score0.01378EPSS
CVE
CVE
added 2019/05/03 4:35 p.m.67 views

CVE-2019-1844

The Cisco Email Security Appliance (ESA) contains CVE-2019-1844, a filter bypass flaw caused by improper detection of certain content. An unauthenticated, remote attacker could bypass recipient filtering by sending specific file types without Content-Disposition information, enabling messages tha...

5.3CVSS5.2AI score0.01696EPSS
CVE
CVE
added 2021/05/06 12:51 p.m.67 views

CVE-2021-1516

CVE-2021-1516 affects Cisco AsyncOS Software on the Cisco Content Security Management Appliance (SMA), Email Security Appliance (ESA), and Web Security Appliance (WSA). Root cause: confidential information is included in HTTP requests exchanged between the user and the device, allowing an authent...

6.5CVSS5.2AI score0.01156EPSS
CVE
CVE
added 2020/08/17 6:0 p.m.66 views

CVE-2020-3447

The CVE-2020-3447 issue affects Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA). Affected component: CLI log subscriptions that are overly verbose, enabling an authenticated attacker with operator-level credentials (or higher) to access...

6.5CVSS5.6AI score0.00738EPSS
CVE
CVE
added 2015/07/10 7:0 p.m.65 views

CVE-2015-4236

Cisco AsyncOS for Email Security Appliances (ESA) with clustering enabled is affected on ESA software versions 8.5.6-073, 8.5.6-074, and 9.0.0-461. The issue stems from improper handling of high-rate packet floods, allowing remote attackers to trigger a denial-of-service condition that makes clus...

4.3CVSS6.9AI score0.02394EPSS
CVE
CVE
added 2016/12/14 12:37 a.m.64 views

CVE-2016-9202

Cisco ESA/ASA web UI is affected by a persistent cross-site scripting (XSS) vulnerability (CVE-2016-9202) in the web-based management interface, exploitable by an unauthenticated remote attacker. The flaw could allow script execution in a user’s browser on ESA Switches and related appliances, wit...

6.1CVSS5.9AI score0.0128EPSS
CVE
CVE
added 2015/06/13 10:0 a.m.62 views

CVE-2015-4184

Cisco Email Security Appliance (ESA) AsyncOS contains an anti-spam scanner vulnerability caused by improper handling of a crafted DNS SPF TXT record, allowing unauthenticated remote bypass of anti-spam restrictions. Affected ESA versions include 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074. Exploitatio...

5CVSS6.9AI score0.03491EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.60 views

CVE-2018-0447

The CVE-2018-0447 vulnerability affects Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA). It arises from incomplete input/validation handling for certain SPF messages, allowing an unauthenticated, remote attacker to bypass URL filters configured on the ESA by sending a crafted ...

5.3CVSS5.4AI score0.02276EPSS
CVE
CVE
added 2015/11/06 2:0 a.m.59 views

CVE-2015-6291

CVE-2015-6291 affects Cisco AsyncOS on Email Security Appliance (ESA) devices. Root cause: improper input validation when filtering attachments (body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match), which can...

7.8CVSS6.8AI score0.01925EPSS
CVE
CVE
added 2024/11/18 3:53 p.m.59 views

CVE-2020-3548

CVE-2020-3548 affects Cisco AsyncOS software for Cisco Email Security Appliance (ESA). The issue is in the TLS protocol implementation, caused by inefficient processing of incoming TLS traffic. An unauthenticated, remote attacker can send crafted TLS packets to trigger a prolonged state of high C...

7.5CVSS5.4AI score0.00809EPSS
CVE
CVE
added 2015/07/29 1:0 a.m.58 views

CVE-2015-4288

CVE-2015-4288 affects Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048. The LDAP server in these devices does not verify X.509 certificates from SSL servers, enabling a man-in-the-middle attacker to s...

4.3CVSS6.1AI score0.00477EPSS
CVE
CVE
added 2016/10/28 10:0 a.m.58 views

CVE-2016-6358

Cisco ESA CVE-2016-6358 is a remote, unauthenticated Denial of Service vulnerability in the local FTP service. The issue arises from improper input validation of user-supplied fields during FTP login, causing the FTP process to quit and trigger a partial DoS. Affected releases include 9.1.0-032 a...

7.5CVSS7.2AI score0.01747EPSS
CVE
CVE
added 2016/10/05 5:0 p.m.58 views

CVE-2016-6416

The CVE-2016-6416 issue affects Cisco AsyncOS on ESA, WSA, and SMA devices. The local FTP service could be flooded by remote attackers, causing DoS due to lack of throttling. Affected versions include ESA 9.6.0-000 through 9.9.6-026, WSA 9.0.0-162 through 9.5.0-444, and SMA in the same family. Ro...

5.9CVSS5.7AI score0.0202EPSS
CVE
CVE
added 2019/04/18 1:20 a.m.57 views

CVE-2019-1831

CVE-2019-1831 affects Cisco AsyncOS Software for Cisco Email Security Appliance (ESA). The flaw stems from improper input validation of the email body in the message scanning component, allowing an unauthenticated, remote attacker to bypass configured content filters by inserting specific charact...

5.8CVSS5.5AI score0.01647EPSS
CVE
CVE
added 2016/10/28 10:0 a.m.56 views

CVE-2016-1481

The CVE-2016-1481 issue affects Cisco AsyncOS Software used in Cisco Email Security Appliances. Vulnerable component: the email message filtering feature, specifically when processing compressed attachments that contain malformed Design (DGN) files. Root cause: improper handling of compressed DGN...

7.8CVSS7.5AI score0.03021EPSS
CVE
CVE
added 2016/10/28 10:0 a.m.55 views

CVE-2016-6357

CVE-2016-6357 affects Cisco AsyncOS for the Cisco Email Security Appliance (ESA). The issue is a vulnerability in configured security policies, including drop email filtering, where an unauthenticated, remote attacker could bypass a configured drop filter by sending an email with a corrupted atta...

7.5CVSS7.5AI score0.02419EPSS
CVE
CVE
added 2016/10/28 10:0 a.m.54 views

CVE-2016-1480

The CVE-2016-1480 issue affects Cisco AsyncOS MIME scanner in Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA). It allows an unauthenticated, remote attacker to bypass configured user filters on affected devices when message/content filters scan incoming attachments. Affect...

7.5CVSS7.6AI score0.02419EPSS
CVE
CVE
added 2017/01/26 7:45 a.m.54 views

CVE-2017-3800

CVE-2017-3800 affects Cisco AsyncOS for the Email Security Appliance (ESA) content scanning engine. An unauthenticated, remote attacker could bypass configured message or content filters on attachments. Affected releases are all prior to the first fixed AsyncOS release; known affected: 9.7.1-066,...

5.8CVSS5.7AI score0.01525EPSS
CVE
CVE
added 2016/10/28 10:0 a.m.52 views

CVE-2016-6372

CVE-2016-6372 affects Cisco AsyncOS for Cisco ESA and WSA (MIME header handling). A vulnerability in email message and content filtering due to improper error handling of malformed MIME headers could allow an unauthenticated, remote attacker to bypass the device’s filtering, potentially allowing ...

7.5CVSS7.7AI score0.01634EPSS
CVE
CVE
added 2016/10/28 10:0 a.m.51 views

CVE-2016-6356

Cisco AsyncOS for Cisco Email Security Appliances is affected by CVE-2016-6356 due to improper input validation of email attachments with corrupted fields in the message filtering feature. An unauthenticated, remote attacker could trigger a DoS by causing the device to stop scanning/forwarding em...

7.8CVSS7.5AI score0.02995EPSS
CVE
CVE
added 2020/07/16 5:21 p.m.51 views

CVE-2020-3370

CVE-2020-3370 affects Cisco Content Security Management Appliance (SMA). The vulnerability arises from insufficient input validation in the URL filtering feature, enabling an unauthenticated, remote attacker to bypass URL filtering by sending a crafted HTTP request and potentially redirecting use...

5.8CVSS5AI score0.01282EPSS
CVE
CVE
added 2015/09/14 1:0 a.m.50 views

CVE-2015-6285

CVE-2015-6285 describes a format-string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 that can be exploited remotely by sending crafted HTTP requests to trigger a DoS (memory overwrite or service outage). The issue stems from improper handling/validation of format specifie...

6.4CVSS6.9AI score0.01417EPSS
CVE
CVE
added 2015/10/02 3:0 p.m.50 views

CVE-2015-6309

Cisco Email Security Appliance (ESA) versions 8.5.6-106 and 9.6.0-042 are affected by CVE-2015-6309. The vulnerability allows an authenticated, remote attacker to cause a denial of service by sending crafted HTTP requests, resulting in file-descriptor exhaustion and a device reload. The issue is ...

6.8CVSS6.5AI score0.017EPSS
CVE
CVE
added 2016/10/28 10:0 a.m.50 views

CVE-2016-6360

Cisco CVE-2016-6360 affects Cisco AsyncOS (ESA) and Web Security Appliance (WSA) via the AMP component. The root cause is improper validation of Java Archive (JAR) content scanned when AMP is enabled, which can cause the AMP process to restart unexpectedly and produce a partial DoS. Affected prod...

7.5CVSS7.3AI score0.02163EPSS
CVE
CVE
added 2016/12/14 12:37 a.m.50 views

CVE-2016-6465

The CVE-2016-6465 vulnerability affects Cisco AsyncOS content filtering in Cisco Email Security Appliances (ESAs) and Web Security Appliances (WSAs). The issue is an improper filtering of TAR format attachments, allowing an unauthenticated, remote attacker to bypass user-filter rules configured o...

4.3CVSS4.8AI score0.01556EPSS
CVE
CVE
added 2016/10/28 10:0 a.m.46 views

CVE-2016-1486

CVE-2016-1486 affects Cisco AsyncOS for Cisco Email Security Appliances, specifically the AMP email-attachment scanning feature. The root cause is improper handling in the attachment-scanning process, enabling an unauthenticated, remote attacker to trigger a DoS that stops scanning and forwarding...

7.8CVSS7.4AI score0.02995EPSS