Lucene search
K
CiscoWeb Security Virtual Appliance

10 matches found

CVE
CVE
added 2017/07/25 7:0 p.m.75 views

CVE-2017-6749

CVE-2017-6749 describes a stored cross-site scripting (XSS) vulnerability in the Cisco Web Security Appliance (WSA) web-based management interface. An authenticated, remote attacker can exploit this by convincing a user to follow a crafted link, triggering script execution in the user’s browser s...

5.4CVSS5.1AI score0.01228EPSS
CVE
CVE
added 2017/07/25 7:0 p.m.75 views

CVE-2017-6751

Cisco Web Security Appliance (WSA) is affected (virtual and hardware). The issue is a web proxy bypass where traffic forwarded from the web proxy interface to the administrative management interface is not denied, enabling an unauthenticated remote attacker to reach the admin interface (Access Co...

7.5CVSS7.5AI score0.01963EPSS
CVE
CVE
added 2015/06/26 10:0 a.m.62 views

CVE-2015-4217

The CVE-2015-4217 issue affects Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv). The root cause is the use of the same default SSH host keys across different customer installations, enabling an unauthenticated ...

4.3CVSS6.7AI score0.02241EPSS
CVE
CVE
added 2021/01/20 7:57 p.m.61 views

CVE-2021-1271

CVE-2021-1271 affects Cisco Web Security Appliance (WSA) AsyncOS. The issue is a stored cross-site scripting (XSS) vulnerability in the web-based management interface caused by improper validation of user-supplied input. An authenticated, remote attacker could exploit this in the affected interfa...

4.8CVSS4.9AI score0.00787EPSS
CVE
CVE
added 2015/06/26 10:0 a.m.58 views

CVE-2015-4216

The CVE concerns Cisco WSAv/ESAv/SMAv devices where the remote-support feature uses the same default SSH root authorized key across different customer installations, enabling an attacker with knowledge of a private key from another installation to bypass authentication. Affected products are Cisc...

5CVSS7.1AI score0.03316EPSS
CVE
CVE
added 2015/09/14 1:0 a.m.53 views

CVE-2015-6290

Cisco Web Security Appliance (WSA) version 8.0.7 contains a vulnerability (CVE-2015-6290) where an unauthenticated remote attacker can cause a denial-of-service by sending crafted HTTP responses. The root cause is improper handling of malformed HTTP server responses, leading to memory/resource ex...

4.3CVSS6.8AI score0.01407EPSS
CVE
CVE
added 2017/07/25 7:0 p.m.53 views

CVE-2017-6750

Cisco Web Security Appliance AsyncOS is affected by CVE-2017-6750 due to a default/static password on a user account. This permits an unauthenticated remote attacker to log in to the web GUI with elevated access, or an unauthenticated/remote attacker to authenticate areas of the GUI, as described...

7.5CVSS7.5AI score0.02652EPSS
CVE
CVE
added 2017/07/25 7:0 p.m.51 views

CVE-2017-6748

Cisco Web Security Appliance (WSA) CLI parser vulnerability CVE-2017-6748 enables an authenticated, local attacker with operator/administrator credentials to inject commands and elevate to root. Affected: virtual and hardware WSA platforms. Root cause: insufficient validation in the CLI parser al...

7.2CVSS6.7AI score0.00818EPSS
CVE
CVE
added 2014/04/02 1:0 a.m.44 views

CVE-2014-2137

Cisco Web Security Appliance (WSA) 7.x and 8.x are affected by a CRLF injection vulnerability in the web framework. The root cause is insufficient validation of input used as HTTP header values, allowing remote attackers to inject arbitrary headers and perform redirection attacks via crafted URLs...

4.3CVSS7AI score0.00947EPSS
CVE
CVE
added 2015/09/14 1:0 a.m.42 views

CVE-2015-6287

Cisco Web Security Appliance (WSA) versions 8.0.6-078 and 8.0.6-115 are affected by CVE-2015-6287. A vulnerability in the DNS resolution function allows an unauthenticated, remote attacker to cause a partial DoS (service outage) by sending a flood of TCP proxy traffic that leads to DNS resolution...

5CVSS6.8AI score0.02037EPSS