VYPR

Web Security Appliance

by Cisco Systems, Inc.

CVEs (82)

  • CVE-2023-20215Aug 3, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper…

  • CVE-2023-20120Jun 28, 2023
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance…

  • CVE-2023-20028Jun 28, 2023
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance…

  • CVE-2022-20952Feb 16, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that…

  • CVE-2022-20942Nov 3, 2022
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve…

  • CVE-2022-20868Nov 3, 2022
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid…

  • CVE-2021-34749Aug 18, 2021
    risk 0.00cvss epss 0.02

    A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device…

  • CVE-2020-3367Nov 18, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to…

  • CVE-2019-15969Sep 23, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to…

  • CVE-2012-1326Jan 15, 2020
    risk 0.00cvss epss 0.01

    Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks

  • CVE-2012-1316Jan 15, 2020
    risk 0.00cvss epss 0.01

    Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks

  • CVE-2012-0334Jan 15, 2020
    risk 0.00cvss epss 0.00

    Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks

  • CVE-2019-1884Jul 4, 2019
    risk 0.00cvss epss 0.02

    A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input…

  • CVE-2019-1886Jul 4, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server…

  • CVE-2019-1817May 3, 2019
    risk 0.00cvss epss 0.02

    A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP…

  • CVE-2019-1816May 3, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The vulnerability is due to insufficient validation of user-supplied input on the…

  • CVE-2015-6386Dec 1, 2015
    risk 0.00cvss epss 0.02

    The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID…

  • CVE-2015-6298Nov 6, 2015
    risk 0.00cvss epss 0.02

    The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted…

  • CVE-2015-6292Nov 6, 2015
    risk 0.00cvss epss 0.02

    The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory…

  • CVE-2015-6321Nov 6, 2015
    risk 0.00cvss epss 0.03

    Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA)…