Cisco Web Security Virtual Appliance vulnerabilities
10 known vulnerabilities affecting cisco/web_security_virtual_appliance.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 8
Vulnerabilities
CVE-2021-1271 [MEDIUM] CWE-79; CVSS 4.8; fixed in 12.5.1; 2021-01-20
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly val
nvd
CVE-2017-6751 [HIGH] CWE-20; CVSS 7.5; v9.0.0, v10.0.0, +2 more; 2017-07-25
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware
nvd
CVE-2017-6750 [HIGH] CWE-1188; CVSS 7.5; v10.0.0, v10.0_base, +5 more; 2017-07-25
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware version
nvd
CVE-2017-6748 [MEDIUM] CWE-74; CVSS 6.7; v10.0.0, v10.0_base, +7 more; 2017-07-25
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Applianc
nvd
CVE-2017-6749 [MEDIUM] CWE-79; CVSS 5.4; v10.0.0, v10.0_base, +5 more; 2017-07-25
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA)
nvd
CVE-2015-6290 [MEDIUM] CWE-119; CVSS 4.3; v8.0.5, v8.0.6, +2 more; 2015-09-14
Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.
nvd
CVE-2015-6287 [MEDIUM] CWE-399; CVSS 5.0; v8.0.5, v8.0.6, +1 more; 2015-09-14
Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907.
nvd
CVE-2015-4216 [MEDIUM] CWE-200; CVSS 5.0; v7.7.5, v8.0.5, +4 more; 2015-06-26
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by le
nvd
CVE-2015-4217 [MEDIUM] CWE-200; CVSS 4.3; v7.7.5, v8.0.5, +4 more; 2015-06-26
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mecha
nvd
CVE-2014-2137 [MEDIUM] CWE-20; CVSS 4.3; ≤ 7.7, v7.1.0, +6 more; 2014-04-02
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.
nvd