Cisco Asyncos vulnerabilities

CVE-2022-20867 [MEDIUM] CWE-89 CVE-2022-20867: A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper

CVE-2022-20942 [MEDIUM] CWE-359 CVE-2022-20942: A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. T

CVE-2022-20781 [MEDIUM] CWE-79 CVE-2022-20781: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Securi A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not p

CVE-2022-20675 [MEDIUM] CWE-248 CVE-2022-20675: A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appl A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP) service, resulting in a denial of service (DoS) conditi

CVE-2022-20653 [HIGH] CWE-399 CVE-2022-20653: A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification componen A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling in DNS name

CVE-2021-34741 [HIGH] CWE-770 CVE-2021-34741: A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security A A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerab

CVE-2021-34698 [HIGH] CWE-401 CVE-2021-34698: A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could a A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could

CVE-2021-1534 [MEDIUM] CWE-20 CVE-2021-1534: A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Secu A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a

CVE-2021-1359 [HIGH] CWE-112 CVE-2021-1359: A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (W A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the web interface. An attacker could exploit this vulnerabil

CVE-2021-1566 [HIGH] CWE-296 CVE-2021-1566: A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco As A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate va

CVE-2020-3367 [HIGH] CWE-78 CVE-2020-3367: A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Applianc A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An atta

CVE-2020-3568 [MEDIUM] CWE-20 CVE-2020-3568: A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Secu A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a

CVE-2019-1947 [HIGH] CWE-20 CVE-2019-1947: A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Sec A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email message

CVE-2019-1983 [MEDIUM] CWE-20 CVE-2019-1983: A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Sec A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (D

CVE-2020-3546 [MEDIUM] CWE-20 CVE-2020-3546: A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Secu A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are sent to the web-based management interface. An attacker c

CVE-2020-3547 [MEDIUM] CWE-200 CVE-2020-3547: A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Secu A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an inse

CVE-2020-3368 [MEDIUM] CWE-20 CVE-2020-3368: A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Secu A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting t

CVE-2019-15956 [HIGH] CWE-284 CVE-2019-15956: A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security App A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could e

CVE-2019-1886 [HIGH] CWE-20 CVE-2019-1886: A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed ce

CVE-2019-1884 [MEDIUM] CWE-20 CVE-2019-1884: A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appl A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for certain fields in HTTP/HTTPS requests sent through an a