Email Security Appliances

CVEs (16)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-6458	Cisco Systems, Inc. Email Security Appliances	Hig	0.49	7.5	0.02	Nov 19, 2016	A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be…
CVE-2016-6372	Cisco Systems, Inc. Web Security Appliance	Hig	0.49	7.5	0.02	Oct 28, 2016	A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to…
CVE-2016-6358	Cisco Systems, Inc. Email Security Appliance Firmware	Hig	0.49	7.5	0.02	Oct 28, 2016	A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases:…
CVE-2016-6357	Cisco Systems, Inc. Asyncos	Hig	0.49	7.5	0.02	Oct 28, 2016	A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More…
CVE-2016-6356	Cisco Systems, Inc. Email Security Appliances	Hig	0.49	7.5	0.03	Oct 28, 2016	A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS)…
CVE-2017-12215	Cisco Systems, Inc. Asyncos	Hig	0.46	7.1	0.02	Sep 21, 2017	A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system…
CVE-2016-9202	Cisco Systems, Inc. Email Security Appliance Firmware	Med	0.40	6.1	0.01	Dec 14, 2016	A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More…
CVE-2016-1423	Cisco Systems, Inc. Asyncos	Med	0.40	6.1	0.02	Oct 28, 2016	A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could…
CVE-2016-6416	Cisco Systems, Inc. Web Security Appliance	Med	0.39	5.9	0.02	Oct 5, 2016	The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service…
CVE-2017-12353	Cisco Systems, Inc. Asyncos	Med	0.38	5.8	0.02	Nov 30, 2017	A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper…
CVE-2017-12218	Cisco Systems, Inc. Asyncos	Med	0.38	5.8	0.02	Sep 7, 2017	A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to…
CVE-2016-1411	Cisco Systems, Inc. Web Security Appliance	Med	0.38	5.9	0.01	Dec 14, 2016	A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update…
CVE-2017-12309	Cisco Systems, Inc. Email Security Appliance Firmware	Med	0.35	5.3	0.02	Nov 16, 2017	A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker…
CVE-2016-6463	Cisco Systems, Inc. AsyncOS Software	Med	0.35	5.3	0.01	Nov 19, 2016	A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability…
CVE-2016-6462	Cisco Systems, Inc. AsyncOS Software	Med	0.35	5.3	0.02	Nov 19, 2016	A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability…
CVE-2016-6465	Cisco Systems, Inc. Web Security Appliance	Med	0.28	4.3	0.02	Dec 14, 2016	A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected…

CVE-2016-6458HigNov 19, 2016
Cisco Systems, Inc.
Email Security Appliances
risk 0.49cvss 7.5epss 0.02
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be…
CVE-2016-6372HigOct 28, 2016
Cisco Systems, Inc.
Web Security Appliance
risk 0.49cvss 7.5epss 0.02
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to…
CVE-2016-6358HigOct 28, 2016
Cisco Systems, Inc.
Email Security Appliance Firmware
risk 0.49cvss 7.5epss 0.02
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases:…
CVE-2016-6357HigOct 28, 2016
Cisco Systems, Inc.
Asyncos
risk 0.49cvss 7.5epss 0.02
A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More…
CVE-2016-6356HigOct 28, 2016
Cisco Systems, Inc.
Email Security Appliances
risk 0.49cvss 7.5epss 0.03
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS)…
CVE-2017-12215HigSep 21, 2017
Cisco Systems, Inc.
Asyncos
risk 0.46cvss 7.1epss 0.02
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system…
CVE-2016-9202MedDec 14, 2016
Cisco Systems, Inc.
Email Security Appliance Firmware
risk 0.40cvss 6.1epss 0.01
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More…
CVE-2016-1423MedOct 28, 2016
Cisco Systems, Inc.
Asyncos
risk 0.40cvss 6.1epss 0.02
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could…
CVE-2016-6416MedOct 5, 2016
Cisco Systems, Inc.
Web Security Appliance
risk 0.39cvss 5.9epss 0.02
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service…
CVE-2017-12353MedNov 30, 2017
Cisco Systems, Inc.
Asyncos
risk 0.38cvss 5.8epss 0.02
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper…
CVE-2017-12218MedSep 7, 2017
Cisco Systems, Inc.
Asyncos
risk 0.38cvss 5.8epss 0.02
A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to…
CVE-2016-1411MedDec 14, 2016
Cisco Systems, Inc.
Web Security Appliance
risk 0.38cvss 5.9epss 0.01
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update…
CVE-2017-12309MedNov 16, 2017
Cisco Systems, Inc.
Email Security Appliance Firmware
risk 0.35cvss 5.3epss 0.02
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker…
CVE-2016-6463MedNov 19, 2016
Cisco Systems, Inc.
AsyncOS Software
risk 0.35cvss 5.3epss 0.01
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability…
CVE-2016-6462MedNov 19, 2016
Cisco Systems, Inc.
AsyncOS Software
risk 0.35cvss 5.3epss 0.02
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability…
CVE-2016-6465MedDec 14, 2016
Cisco Systems, Inc.
Web Security Appliance
risk 0.28cvss 4.3epss 0.02
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected…