VYPR

Web Security Appliance (wsa)

by Cisco Systems, Inc.

CVEs (33)

  • CVE-2019-15956 | High | Nov 26, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization…

  • CVE-2021-34698 | High | Oct 6, 2021
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory…

  • CVE-2019-1886 | High | Jul 4, 2019
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server…

  • CVE-2020-3367 | High | Nov 18, 2020
    risk 0.51 | cvss 7.8 | epss 0.01

    A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to…

  • CVE-2019-1816 | High | May 3, 2019
    risk 0.51 | cvss 7.8 | epss 0.01

    A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The vulnerability is due to insufficient validation of user-supplied input on the…

  • CVE-2019-1884 | High | Jul 4, 2019
    risk 0.50 | cvss 7.7 | epss 0.02

    A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input…

  • CVE-2019-1817 | High | May 3, 2019
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP…

  • CVE-2016-1383 | High | May 25, 2016
    risk 0.49 | cvss 7.5 | epss 0.01

    Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305.

  • CVE-2016-1382 | High | May 25, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529.

  • CVE-2021-1566 | High | Jun 16, 2021
    risk 0.48 | cvss 7.4 | epss 0.01

    A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected…

  • CVE-2012-1326 | High | Jan 15, 2020
    risk 0.48 | cvss 7.4 | epss 0.01

    Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority, which could lead to MITM attacks.

  • CVE-2012-0334 | Medium | Jan 15, 2020
    risk 0.42 | cvss 6.4 | epss 0.00

    Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has an SSL Certificate Caching vulnerability, which could allow man-in-the-middle attacks.

  • CVE-2021-1359 | Medium | Jul 8, 2021
    risk 0.41 | cvss 6.3 | epss 0.02

    A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of…

  • CVE-2019-15969 | Medium | Sep 23, 2020
    risk 0.40 | cvss 6.1 | epss 0.01

    A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to…

  • CVE-2018-0093 | Medium | Jan 18, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2022-20784 | Medium | Apr 6, 2022
    risk 0.38 | cvss 5.8 | epss 0.01

    A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This…

  • CVE-2021-34749 | Medium | Aug 18, 2021
    risk 0.38 | cvss 5.8 | epss 0.02

    A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device…

  • CVE-2012-1316 | Medium | Jan 15, 2020
    risk 0.38 | cvss 5.9 | epss 0.01

    Cisco IronPort Web Security Appliance does not check for certificate revocation, which could lead to MITM attacks.

  • CVE-2019-1672 | Medium | Feb 8, 2019
    risk 0.38 | cvss 5.8 | epss 0.02

    A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability…

  • CVE-2023-20120 | Medium | Jun 28, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance…

Page 1 of 2