Web Security Appliance@10.1.0-204 Security Vulnerabilities and Issues — Web Security Appliance@10.1.0-204 CVE List

Lucene search

CiscoWeb Security Appliance10.1.0-204

7 matches found

CVE•added 2017/07/25 7:29 p.m.•60 views

CVE-2017-6751

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypa...

7.5CVSS7.5AI score0.00469EPSS

CVE•added 2017/07/25 7:29 p.m.•57 views

CVE-2017-6749

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and ...

5.4CVSS5.1AI score0.00235EPSS

CVE•added 2019/02/08 6:29 p.m.•48 views

CVE-2019-1672

A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorre...

5.8CVSS5.8AI score0.00207EPSS

CVE•added 2018/08/15 8:29 p.m.•46 views

CVE-2018-0410

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected soft...

8.6CVSS8.4AI score0.02122EPSS

CVE•added 2017/07/25 7:29 p.m.•45 views

CVE-2017-6746

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10...

9CVSS7.2AI score0.02509EPSS

CVE•added 2017/07/25 7:29 p.m.•42 views

CVE-2017-6748

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtu...

7.2CVSS6.7AI score0.00315EPSS

CVE•added 2017/07/25 7:29 p.m.•41 views

CVE-2017-6750

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnera...

7.5CVSS7.5AI score0.00749EPSS