Cisco Email Security Appliance vulnerabilities
46 known vulnerabilities affecting cisco/email_security_appliance.
Total CVEs: 46
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 19, MEDIUM 26
Vulnerabilities
Page 1 of 3
CVE-2020-3548 | HIGH | CVSS 7.5 | ≤ 13.5.1-277 | 2024-11-18
CVE-2020-3548 [MEDIUM] CWE-407
A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition.
The vulnerability is due to inefficient processing of incoming T
nvd
CVE-2023-20009 | HIGH | CVSS 7.2 | fixed in 12.5.3-041; ≥ 13.0.0, < 13.0.5-007; +3 more | 2023-03-01
CVE-2023-20009 [MEDIUM] CWE-20
A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and/or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege
nvd
CVE-2023-20075 | MEDIUM | CVSS 6.7 | ≥ 12.5.0, < 12.5.3-041; ≥ 13.0.0, < 13.0.5-007; +3 more | 2023-03-01
CVE-2023-20075 [MEDIUM] CWE-77
Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands.
This vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the atta
nvd
CVE-2022-20960 | HIGH | CVSS 7.5 | fixed in 14.2.1-015; ≥ 14.3.0, < 14.3.0-020 | 2022-11-04
CVE-2022-20960 [HIGH] CWE-400
A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerab
nvd
CVE-2022-20798 | CRITICAL | CVSS 9.8 | ≥ 14.0, < 14.0.1-033; v7.1.5 | 2022-06-15
CVE-2022-20798 [CRITICAL] CWE-287
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vuln
nvd
CVE-2022-20664 | HIGH | CVSS 7.7 | fixed in 14.0.2-020 | 2022-06-15
CVE-2022-20664 [HIGH] CWE-497
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected
nvd
CVE-2021-1129 | MEDIUM | CVSS 5.3 | v13.0.0 | 2021-01-20
CVE-2021-1129 [MEDIUM] CWE-201
A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected
nvd
CVE-2020-3133 | HIGH | CVSS 7.5 | fixed in 13.0 | 2020-09-23
CVE-2020-3133 [HIGH] CWE-20
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to
nvd
CVE-2019-1947 | HIGH | CVSS 8.6 | v11.1.0-131 | 2020-09-23
CVE-2019-1947 [HIGH] CWE-20
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email message
nvd
CVE-2020-3137 | MEDIUM | CVSS 6.1 | ≤ 13.0.0 | 2020-09-23
CVE-2020-3137 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device
nvd
CVE-2019-1983 | MEDIUM | CVSS 5.3 | v11.0.1-hp5-602; v11.1.0-404 | 2020-09-23
CVE-2019-1983 [MEDIUM] CWE-20
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (D
nvd
CVE-2020-3447 | MEDIUM | CVSS 6.5 | fixed in 13.5.1 | 2020-08-17
CVE-2020-3447 [MEDIUM] CWE-532
A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive verbosity in certain log subscriptions. An attacker could
nvd
CVE-2020-3370 | MEDIUM | CVSS 5.8 | fixed in 13.0.1; ≥ 13.5.0, < 13.5.1 | 2020-07-16
CVE-2020-3370 [MEDIUM] CWE-20
A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted, malicious HTTP request to an affected device. A
nvd
CVE-2020-3181 | MEDIUM | CVSS 6.5 | fixed in 13.0.0 | 2020-03-04
CVE-2020-3181 [MEDIUM] CWE-400
A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker cou
nvd
CVE-2020-3164 | MEDIUM | CVSS 5.3 | ≤ 13.0.0-392 | 2020-03-04
CVE-2020-3164 [MEDIUM] CWE-20
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vul
nvd
CVE-2020-3132 | MEDIUM | CVSS 5.9 | fixed in 12.5.1-037; fixed in 13.0.0-375 | 2020-02-19
CVE-2020-3132 [MEDIUM] CWE-400
A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker
nvd
CVE-2020-3134 | MEDIUM | CVSS 6.5 | fixed in 13.0 | 2020-01-26
CVE-2020-3134 [MEDIUM] CWE-20
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an em
nvd
CVE-2019-1933 | HIGH | CVSS 7.4 | v11.1.2-023 | 2019-07-06
CVE-2019-1933 [MEDIUM] CWE-20
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker could exploit this vulnerability by sending a crafted emai
nvd
CVE-2019-1921 | HIGH | CVSS 7.5 | v12.0.0-419 | 2019-07-06
CVE-2019-1921 [MEDIUM] CWE-20
A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by naming a malicious atta
nvd
CVE-2019-1905 | MEDIUM | CVSS 5.8 | v11.1.2; v12.0.0 | 2019-06-20
CVE-2019-1905 [MEDIUM] CWE-20
A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacker could exploit this vulnerability by sending a maliciou
nvd