VYPR

Web Security Appliance

by Cisco Systems, Inc.

CVEs (82)

  • CVE-2018-0410HigAug 15, 2018
    risk 0.56cvss 8.6epss 0.04

    A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists…

  • CVE-2018-0353HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.04

    A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the…

  • CVE-2017-6751HigJul 25, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an…

  • CVE-2017-6750HigJul 25, 2017
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static…

  • CVE-2016-9212HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security…

  • CVE-2016-6469HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known…

  • CVE-2016-6372HigOct 28, 2016
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to…

  • CVE-2016-6360HigOct 28, 2016
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting.…

  • CVE-2016-6407HigSep 17, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.

  • CVE-2016-1405HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.03

    libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial…

  • CVE-2016-1383HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305.

  • CVE-2016-1382HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529.

  • CVE-2016-1381HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270.

  • CVE-2016-1380HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171.

  • CVE-2016-1296HigJan 20, 2016
    risk 0.49cvss 7.5epss 0.02

    The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.

  • CVE-2017-6746HigJul 25, 2017
    risk 0.47cvss 7.2epss 0.04

    A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco…

  • CVE-2018-0428MedAug 15, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper…

  • CVE-2017-6748MedJul 25, 2017
    risk 0.44cvss 6.7epss 0.01

    A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials.…

  • CVE-2018-0406MedAug 1, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based…

  • CVE-2018-0366MedJul 16, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

Page 1 of 5