Cisco Asyncos vulnerabilities

CVE-2025-20393 [CRITICAL] CWE-20 CVE-2025-20393: A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gate A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the

CVE-2020-3122 [MEDIUM] CWE-284 CVE-2020-3122: A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Ma A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.

CVE-2025-20184 [MEDIUM] CWE-20 CVE-2025-20184: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Ema A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials. This vulnerability is due to

CVE-2025-20183 [MEDIUM] CWE-20 CVE-2025-20183: A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of C A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint. The vulnerability is due to improper handling of a crafted range reques

CVE-2025-20180 [MEDIUM] CWE-79 CVE-2025-20180: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Ema A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An att

CVE-2025-20185 [LOW] CWE-250 CVE-2025-20185: A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software f A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulne

CVE-2021-1425 [MEDIUM] CWE-201 CVE-2021-1425: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco  A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is being included in HTTP requests that are exchanged betwee

CVE-2022-20871 [MEDIUM] CWE-78 CVE-2022-20871: A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appl A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An

CVE-2024-20504 [MEDIUM] CWE-80 CVE-2024-20504: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Ema A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validatio

CVE-2024-20429 [MEDIUM] CWE-74 CVE-2024-20429: A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway coul A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based management interface. An attacker could exploit this v

CVE-2024-20435 [HIGH] CWE-250 CVE-2024-20435: A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, l A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executi

CVE-2024-20383 [MEDIUM] CWE-79 CVE-2024-20383: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Ema A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a

CVE-2024-20257 [MEDIUM] CWE-79 CVE-2024-20257: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Ema A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of

CVE-2024-20392 [MEDIUM] CWE-113 CVE-2024-20392: A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gat A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to the web-based management API of the affected system. An

CVE-2024-20258 [MEDIUM] CWE-79 CVE-2024-20258: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Ema A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vul

CVE-2024-20256 [MEDIUM] CWE-79 CVE-2024-20256: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Ema A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulne

CVE-2020-26082 [MEDIUM] CWE-20 CVE-2020-26082: A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security A A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerabil

CVE-2023-20215 [MEDIUM] CWE-202 CVE-2023-20215: A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance cou A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific c

CVE-2022-20952 [MEDIUM] CWE-20 CVE-2022-20952: A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, fo A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded

CVE-2022-20868 [MEDIUM] CWE-321 CVE-2022-20868: A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secur A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use