Email Security Appliance Security Vulnerabilities and Issues — Email Security Appliance CVE List

Lucene search

CiscoEmail Security Appliance

14 matches found

CVE•added 2016/06/08 2:59 p.m.•184 views

CVE-2016-1405

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP pro...

7.5CVSS7.1AI score0.03586EPSS

CVE•added 2016/12/14 12:59 a.m.•59 views

CVE-2016-1411

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Informatio...

5.9CVSS5.8AI score0.00224EPSS

CVE•added 2016/10/28 10:59 a.m.•59 views

CVE-2016-1423

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilita...

6.1CVSS6.1AI score0.00357EPSS

CVE•added 2016/12/14 12:59 a.m.•53 views

CVE-2016-9202

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb373...

6.1CVSS5.9AI score0.00349EPSS

CVE•added 2016/10/05 5:59 p.m.•46 views

CVE-2016-6416

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP t...

5.9CVSS5.7AI score0.00888EPSS

CVE•added 2016/10/28 10:59 a.m.•44 views

CVE-2016-6358

A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Know...

7.5CVSS7.2AI score0.00562EPSS

CVE•added 2016/10/28 10:59 a.m.•40 views

CVE-2016-1480

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all r...

7.5CVSS7.6AI score0.00272EPSS

CVE•added 2016/10/28 10:59 a.m.•40 views

CVE-2016-1481

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to...

7.8CVSS7.5AI score0.0076EPSS

CVE•added 2016/10/28 10:59 a.m.•40 views

CVE-2016-6360

A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Ci...

7.5CVSS7.3AI score0.01361EPSS

CVE•added 2016/10/28 10:59 a.m.•39 views

CVE-2016-6372

A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering...

7.5CVSS7.7AI score0.0027EPSS

CVE•added 2016/12/14 12:59 a.m.•39 views

CVE-2016-6465

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected Products: This vulnerabi...

4.3CVSS4.8AI score0.00194EPSS

CVE•added 2016/10/28 10:59 a.m.•37 views

CVE-2016-1486

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages du...

7.8CVSS7.4AI score0.0076EPSS

CVE•added 2016/10/28 10:59 a.m.•37 views

CVE-2016-6357

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz016...

7.5CVSS7.5AI score0.00226EPSS

CVE•added 2016/10/28 10:59 a.m.•33 views

CVE-2016-6356

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Produc...

7.8CVSS7.5AI score0.0076EPSS