CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12635 – Cisco Content Security Management Appliance Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-12635
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users. Una vulnerabilidad en el módulo de autorización de Cisco Content Security Management Appliance (SMA) Software, podría permitir a un atacante remoto autenticado conseguir acceso al correo electrónico fuera de alcance. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sma-info-dis • CWE-285: Improper Authorization CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 0CVE-2016-1411
https://notcve.org/view.php?id=CVE-2016-1411
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019. Una vulnerabilidad en la funcionalidad de actualización de Cisco AsyncOS Software para Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA) y Cisco Content Management Security Appliance (SMA) puede permitir a un atacante remoto no autenticado imitar el servidor de actualización. • http://www.securityfocus.com/bid/94791 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2016-6416
https://notcve.org/view.php?id=CVE-2016-6416
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versión 9.9.6-026, dispositivos Web Security Appliance (WSA) 9.0.0-162 hasta la versión 9.5.0-444 y dispositivos Content Security Management Appliance (SMA) permite a atacantes remotos provocar una denegación de servicio a través de inundación de tráfico FTP, vulnerabilidad también conocida como Bug IDs CSCuz82907, CSCuz84330 y CSCuz86065. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos http://www.securityfocus.com/bid/93198 http://www.securitytracker.com/id/1036915 http://www.securitytracker.com/id/1036916 http://www.securitytracker.com/id/1036917 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2015-6321
https://notcve.org/view.php?id=CVE-2015-6321
Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795. Cisco AsyncOS en versiones anteriores a 8.5.7-042, 9.x en versiones anteriores a 9.1.0-032, 9.1.x en versiones anteriores a 9.1.1-023 y 9.5.x y 9.6.x en versiones anteriores a 9.6.0-042 en dispositivos Email Security Appliance (ESA); en versiones anteriores a 9.1.0-032, 9.1.1 en versiones anteriores a 9.1.1-005 y 9.5.x en versiones anteriores a 9.5.0-025 en dispositivos Content Security Management Appliance (SMA); y en versiones anteriores a 7.7.0-725 y 8.x en versiones anteriores a 8.0.8-113 en dispositivos Web Security Appliance (WSA) permite atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una inundación de paquetes TCP, también conocidos como Bug IDs CSCus79774, CSCus79777 y CSCzv95795. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos http://www.securitytracker.com/id/1034060 http://www.securitytracker.com/id/1034061 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4322
https://notcve.org/view.php?id=CVE-2015-4322
Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. Vulnerabilidad en Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, y 9.1.0-103, restringe incorrectamente los privilegios disponibles tras la autenticación LDAP, lo que permite a usuarios remotos autenticados leer o escribir en una carpeta de Cuarentena de Spam de un usuario arbitrario visitando una URL de notificación de spam, también conocida como Bug ID CSCuv65894. • http://tools.cisco.com/security/center/viewAlert.x?alertId=40450 http://www.securityfocus.com/bid/76365 http://www.securitytracker.com/id/1033322 • CWE-264: Permissions, Privileges, and Access Controls •