Cisco Email Security Appliance vulnerabilities

34 known vulnerabilities affecting cisco/cisco_email_security_appliance.

Total CVEs: 34
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 13, MEDIUM 20

Vulnerabilities

Page 1 of 2
CVE-2022-20798 | CRITICAL | CVSS 9.8 | v n/a | 2022-06-15
CWE-287: A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vuln
cvelistv5, nvd
CVE-2022-20664 | HIGH | CVSS 7.7 | v n/a | 2022-06-15
CWE-497: A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected
cvelistv5, nvd
CVE-2022-20653 | HIGH | CVSS 7.5 | v n/a | 2022-02-17
CWE-399: A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling in DNS name
cvelistv5, nvd
CVE-2021-34741 | HIGH | CVSS 7.5 | v n/a | 2021-11-04
CWE-770: A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerab
cvelistv5, nvd
CVE-2021-1534 | MEDIUM | CVSS 5.3 | v n/a | 2021-10-06
CWE-20: A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a
cvelistv5, nvd
CVE-2020-3568 | MEDIUM | CVSS 5.8 | v n/a | 2020-10-08
CWE-20: A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a
cvelistv5, nvd
CVE-2019-1947 | HIGH | CVSS 8.6 | v n/a | 2020-09-23
CWE-20: A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email message
cvelistv5, nvd
CVE-2020-3133 | HIGH | CVSS 7.5 | v n/a | 2020-09-23
CWE-20: A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to
cvelistv5, nvd
CVE-2020-3137 | MEDIUM | CVSS 6.1 | v n/a | 2020-09-23
CWE-79: A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device
cvelistv5, nvd
CVE-2019-1983 | MEDIUM | CVSS 5.3 | v n/a | 2020-09-23
CWE-20: A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (D
cvelistv5, nvd
CVE-2020-3546 | MEDIUM | CVSS 5.3 | v n/a | 2020-09-04
CWE-20: A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are sent to the web-based management interface. An attacker c
cvelistv5, nvd
CVE-2020-3447 | MEDIUM | CVSS 6.5 | v n/a | 2020-08-17
CWE-532: A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive verbosity in certain log subscriptions. An attacker could
cvelistv5, nvd
CVE-2020-3370 | MEDIUM | CVSS 5.8 | v n/a | 2020-07-16
CWE-20: A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted, malicious HTTP request to an affected device. A
cvelistv5, nvd
CVE-2020-3368 | MEDIUM | CVSS 5.8 | v n/a | 2020-06-18
CWE-20: A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting t
cvelistv5, nvd
CVE-2020-3181 | MEDIUM | CVSS 6.5 | ≥ unspecified, < n/a | 2020-03-04
CWE-400: A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker cou
cvelistv5, nvd
CVE-2020-3132 | MEDIUM | CVSS 5.9 | ≥ unspecified, < n/a | 2020-02-19
CWE-400: A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker
cvelistv5, nvd
CVE-2020-3134 | MEDIUM | CVSS 6.5 | v earlier than 13.0 | 2020-01-26
CWE-20: A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an em
cvelistv5, nvd
CVE-2019-15971 | MEDIUM | CVSS 4.3 | ≥ unspecified, < n/a | 2019-11-26
CWE-20: A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of certain MP3 file types. An attacker could exploit this vulnerability by sending a crafted
cvelistv5, nvd
CVE-2019-15988 | MEDIUM | CVSS 5.3 | ≥ unspecified, < n/a | 2019-11-26
CWE-20: A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting
cvelistv5, nvd
CVE-2019-12706 | HIGH | CVSS 7.5 | ≥ unspecified, < n/a | 2019-10-02
CWE-20: A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The vulnerability exists because the affected software insufficiently validates certain incoming SPF messages.
cvelistv5, nvd