Cisco Email Security Appliance vulnerabilities
54 known vulnerabilities affecting cisco/email_security_appliance.
Total CVEs: 54
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 19, MEDIUM 26, UNKNOWN 8
Vulnerabilities
CVE-2015-6321 | HIGH | CVSS 7.8 | CWE-399 | v7.6.1-000, v7.6.3-000, +12 more | 2015-11-06
Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance
nvd
CVE-2015-6309 | MEDIUM | CVSS 6.8 | CWE-399 | v9.6.0-042 | 2015-10-02
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.
nvd
CVE-2015-6285 | MEDIUM | CVSS 6.4 | CWE-134 | v7.6.0, v8.0.0 | 2015-09-14
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.
nvd
CVE-2015-4288 | MEDIUM | CVSS 4.3 | CWE-310 | v8.5.7-042 | 2015-07-29
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka B
nvd
CVE-2015-4236 | MEDIUM | CVSS 4.3 | CWE-399 | v8.5.6-074 | 2015-07-10
Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636.
nvd
CVE-2015-4184 | MEDIUM | CVSS 5.0 | CWE-20 | v3.331-09, v7.5.1-gpl-022, +1 more | 2015-06-13
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.
nvd
CVE-2020-3546 | UNKNOWN | CVSS 3.0
Cisco Email Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are sent to the web-based management inter
cisco
CVE-2022-20653 | UNKNOWN | CVSS 3.1
Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability
A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is du
cisco
CVE-2013-3386 | UNKNOWN
Multiple Vulnerabilities in Cisco Email Security Appliance
Cisco IronPort AsyncOS Software for Cisco Email Security Appliance is affected by the following vulnerabilities: Web Framework Authenticated Command Injection Vulnerability; IronPort Spam Quarantine Denial of Service Vulnerability; Management GUI Denial of Service Vulnerability. Successful exploitation of the Web Framework Authenticated Command Injection
cisco
CVE-2013-3385 | UNKNOWN
Multiple Vulnerabilities in Cisco Email Security Appliance
Cisco IronPort AsyncOS Software for Cisco Email Security Appliance is affected by the following vulnerabilities: Web Framework Authenticated Command Injection Vulnerability; IronPort Spam Quarantine Denial of Service Vulnerability; Management GUI Denial of Service Vulnerability. Successful exploitation of the Web Framework Authenticated Command Injection
cisco
CVE-2021-34741 | UNKNOWN | CVSS 3.1
Cisco Email Security Appliance Denial of Service Vulnerability
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit thi
cisco
CVE-2018-15453 | UNKNOWN | CVSS 3.0
Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability
A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system
cisco
CVE-2017-12215 | UNKNOWN | CVSS 3.0
Cisco Email Security Appliance Denial of Service Vulnerability
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash,
cisco
CVE-2013-3384 | UNKNOWN
Multiple Vulnerabilities in Cisco Email Security Appliance
Cisco IronPort AsyncOS Software for Cisco Email Security Appliance is affected by the following vulnerabilities: Web Framework Authenticated Command Injection Vulnerability; IronPort Spam Quarantine Denial of Service Vulnerability; Management GUI Denial of Service Vulnerability. Successful exploitation of the Web Framework Authenticated Command Injection
cisco