Cisco Application Services Engine vulnerabilities
4 known vulnerabilities affecting cisco/application_services_engine.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2021-1393CRITICALCVSS 9.8≥ 1.1, < 1.1\(3e\)2021-02-24
CVE-2021-1393 [CRITICAL] CWE-306 CVE-2021-1393: Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this ad
nvd
CVE-2021-1396MEDIUMCVSS 6.5≥ 1.1, < 1.1\(3e\)2021-02-24
CVE-2021-1396 [CRITICAL] CWE-306 CVE-2021-1396: Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this ad
nvd
CVE-2020-3335MEDIUMCVSS 5.5fixed in 1.1.2.202020-06-03
CVE-2020-3335 [MEDIUM] CWE-306 CVE-2020-3335: A vulnerability in the key store of Cisco Application Services Engine Software could allow an authen
A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with
nvd
CVE-2020-3333MEDIUMCVSS 5.3fixed in 1.1.2.202020-06-03
CVE-2020-3333 [MEDIUM] CWE-306 CVE-2020-3333: A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthentica
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP re
nvd