Cisco AsyncOS vulnerabilities

49 known vulnerabilities affecting cisco/asyncos.

Total CVEs: 49
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 20, MEDIUM 28

Vulnerabilities

Page 3 of 3
CVE-2018-15460 | HIGH | CVSS 8.6 | fixed in 11.0.2-044_md | ≥ 11.1.0, < 11.1.2-023_md | 2019-01-10
CWE-20: A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email mes
nvd
CVE-2018-0087 | MEDIUM | CVSS 5.6 | v10.5.1-296 | 2018-03-08
CWE-287: A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential validation. An attacker could exploit this vulnerabili
nvd
CVE-2018-0095 | HIGH | CVSS 7.8 | v9.1.1-005, v9.7.2-065 | 2018-01-18
CWE-264: A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vul
nvd
CVE-2017-12303 | MEDIUM | CVSS 5.3 | v10.1.1-234, v10.1.1-235 | 2017-11-16
CWE-358: A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different
nvd
CVE-2017-12215 | HIGH | CVSS 7.1 | v9.0, v9.1, +5 more | 2017-09-21
CWE-20: A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting i
nvd
CVE-2016-1461 | HIGH | CVSS 7.5 | ≤ 9.7.0-125 | 2016-08-01
CWE-20: Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.
nvd
CVE-2016-1438 | HIGH | CVSS 7.5 | v9.7.0-125 | 2016-06-23
CWE-20: Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.
nvd
CVE-2015-0605 | MEDIUM | CVSS 4.3 | ≤ 8.5 | 2015-02-07
CWE-264: The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343.
nvd
CVE-2014-3381 | MEDIUM | CVSS 5.0 | ≤ 8.5 | 2014-10-19
CWE-264: The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.
nvd