10 matches found
CVE-2017-6749
CVE-2017-6749 describes a stored cross-site scripting (XSS) vulnerability in the Cisco Web Security Appliance (WSA) web-based management interface. An authenticated, remote attacker can exploit this by convincing a user to follow a crafted link, triggering script execution in the user’s browser s...
CVE-2017-6751
Cisco Web Security Appliance (WSA) is affected (virtual and hardware). The issue is a web proxy bypass where traffic forwarded from the web proxy interface to the administrative management interface is not denied, enabling an unauthenticated remote attacker to reach the admin interface (Access Co...
CVE-2015-4217
The CVE-2015-4217 issue affects Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv). The root cause is the use of the same default SSH host keys across different customer installations, enabling an unauthenticated ...
CVE-2021-1271
CVE-2021-1271 affects Cisco Web Security Appliance (WSA) AsyncOS. The issue is a stored cross-site scripting (XSS) vulnerability in the web-based management interface caused by improper validation of user-supplied input. An authenticated, remote attacker could exploit this in the affected interfa...
CVE-2015-4216
The CVE concerns Cisco WSAv/ESAv/SMAv devices where the remote-support feature uses the same default SSH root authorized key across different customer installations, enabling an attacker with knowledge of a private key from another installation to bypass authentication. Affected products are Cisc...
CVE-2015-6290
Cisco Web Security Appliance (WSA) version 8.0.7 contains a vulnerability (CVE-2015-6290) where an unauthenticated remote attacker can cause a denial-of-service by sending crafted HTTP responses. The root cause is improper handling of malformed HTTP server responses, leading to memory/resource ex...
CVE-2017-6750
Cisco Web Security Appliance AsyncOS is affected by CVE-2017-6750 due to a default/static password on a user account. This permits an unauthenticated remote attacker to log in to the web GUI with elevated access, or an unauthenticated/remote attacker to authenticate areas of the GUI, as described...
CVE-2017-6748
Cisco Web Security Appliance (WSA) CLI parser vulnerability CVE-2017-6748 enables an authenticated, local attacker with operator/administrator credentials to inject commands and elevate to root. Affected: virtual and hardware WSA platforms. Root cause: insufficient validation in the CLI parser al...
CVE-2014-2137
Cisco Web Security Appliance (WSA) 7.x and 8.x are affected by a CRLF injection vulnerability in the web framework. The root cause is insufficient validation of input used as HTTP header values, allowing remote attackers to inject arbitrary headers and perform redirection attacks via crafted URLs...
CVE-2015-6287
Cisco Web Security Appliance (WSA) versions 8.0.6-078 and 8.0.6-115 are affected by CVE-2015-6287. A vulnerability in the DNS resolution function allows an unauthenticated, remote attacker to cause a partial DoS (service outage) by sending a flood of TCP proxy traffic that leads to DNS resolution...