Cisco Email Security Appliance vulnerabilities

46 known vulnerabilities affecting cisco/email_security_appliance.

Total CVEs: 46
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 19, MEDIUM 26

Vulnerabilities

Page 3 of 3
CVE-2015-6321 | HIGH | CVSS 7.8 | v7.6.1-000, v7.6.3-000 +12 more | 2015-11-06
CVE-2015-6321 [HIGH] CWE-399: Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance
nvd
CVE-2015-6309 | MEDIUM | CVSS 6.8 | v9.6.0-042 | 2015-10-02
CVE-2015-6309 [MEDIUM] CWE-399: Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.
nvd
CVE-2015-6285 | MEDIUM | CVSS 6.4 | v7.6.0, v8.0.0 | 2015-09-14
CVE-2015-6285 [MEDIUM] CWE-134: Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.
nvd
CVE-2015-4288 | MEDIUM | CVSS 4.3 | v8.5.7-042 | 2015-07-29
CVE-2015-4288 [MEDIUM] CWE-310: The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka B
nvd
CVE-2015-4236 | MEDIUM | CVSS 4.3 | v8.5.6-074 | 2015-07-10
CVE-2015-4236 [MEDIUM] CWE-399: Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636.
nvd
CVE-2015-4184 | MEDIUM | CVSS 5.0 | v3.331-09, v7.5.1-gpl-022 +1 more | 2015-06-13
CVE-2015-4184 [MEDIUM] CWE-20: The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.
nvd