CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6661
https://notcve.org/view.php?id=CVE-2017-6661
13 Jun 2017 — A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. Una vulnerabilidad en la interfaz de administración basada en web de Email Sec... • http://www.securityfocus.com/bid/98950 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 0CVE-2016-1411
https://notcve.org/view.php?id=CVE-2016-1411
14 Dec 2016 — A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. ... • http://www.securityfocus.com/bid/94791 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2016-6416
https://notcve.org/view.php?id=CVE-2016-6416
05 Oct 2016 — The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versión 9.9.6-026, dispositivos Web Security Appliance... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 40%CPEs: 45EXPL: 2CVE-2016-2183 – SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
https://notcve.org/view.php?id=CVE-2016-2183
01 Sep 2016 — The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. Los cifrados DES y Triple DES, como se usan en los protocolos TLS, SSH e IPSec y otros protocolos y productos, tienen ... • https://packetstorm.news/files/id/142756 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 1%CPEs: 40EXPL: 0CVE-2015-6321
https://notcve.org/view.php?id=CVE-2015-6321
06 Nov 2015 — Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and C... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6288
https://notcve.org/view.php?id=CVE-2015-6288
14 Sep 2015 — Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620. Vulnerabilidad en Cisco Content Security Management Appliance (SMA) 7.8.0-000, no valida correctamente las credenciales, lo que permite a atacantes remotos causar una denegación de servicio (rollover rápido de archivo de registro y fallo de aplicación) a ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40847 • CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4322
https://notcve.org/view.php?id=CVE-2015-4322
19 Aug 2015 — Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. Vulnerabilidad en Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, y 9.1.0-103, restringe incorrectamente los privilegios disponibles tras la autenticación LDAP, lo que ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40450 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4288
https://notcve.org/view.php?id=CVE-2015-4288
29 Jul 2015 — The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. Vulnerabilidad en la implementación LDAP en Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Applian... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40137 • CWE-310: Cryptographic Issues •