Page 2 of 10 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015. Una vulnerabilidad en el escaneo de mensajes de correo electrónico de Cisco AsyncOS Software para Cisco Email Security Appliance (ESA) podría permitir a un atacante remoto no autenticado omitir los filtros configurados en el dispositivo, como lo demuestra el Attachment Filter. • http://www.securityfocus.com/bid/98969 http://www.securitytracker.com/id/1038635 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066. • http://www.securityfocus.com/bid/94074 http://www.securitytracker.com/id/1037182 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. • http://www.securityfocus.com/bid/94360 http://www.securitytracker.com/id/1037307 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuz85823. Known Affected Releases: 10.0.0-082 9.7.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. • http://www.securityfocus.com/bid/94363 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017. Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124 y 10.0.0-125 en dispositivos Email Security Appliance (ESA), cuando se instala Enrollment Client en versiones anteriores a 1.0.2-065, permite a atacantes remotos obtener acceso root a través de una conexión a la interfaz testing/debugging, vulnerabilidad también conocida como Bug ID CSCvb26017. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa http://www.securityfocus.com/bid/93116 http://www.securitytracker.com/id/1036881 • CWE-264: Permissions, Privileges, and Access Controls •