CVE-2022-20675 – Multiple Cisco Security Products Simple Network Management Protocol Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20675
A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP) service, resulting in a denial of service (DoS) condition. This vulnerability is due to an open port listener on TCP port 199. An attacker could exploit this vulnerability by connecting to TCP port 199. A successful exploit could allow the attacker to crash the SNMP service, resulting in a DoS condition. Una vulnerabilidad en la pila TCP/IP de Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA) y Cisco Secure Email and Web Manager, anteriormente Security Management Appliance, podría permitir a un atacante remoto no autenticado bloquear el Servicio del Protocolo Simple de Administrador de Redes (SNMP), resultando en una situación de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ESA-SNMP-JLAJksWK • CWE-248: Uncaught Exception •
CVE-2022-20639 – Cisco Security Manager Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20639
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Security Manager podrían permitir a un atacante remoto no autenticado conducir ataques de tipo cross-site scripting contra un usuario de la interfaz. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-mult-xss-7hmOKQTt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-20638 – Cisco Security Manager Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20638
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Security Manager podrían permitir a un atacante remoto no autenticado conducir ataques de tipo cross-site scripting contra un usuario de la interfaz. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-mult-xss-7hmOKQTt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-20637 – Cisco Security Manager Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20637
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Security Manager podrían permitir a un atacante remoto no autenticado conducir ataques de tipo cross-site scripting contra un usuario de la interfaz. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-mult-xss-7hmOKQTt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-20636 – Cisco Security Manager Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20636
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Security Manager podrían permitir a un atacante remoto no autenticado conducir ataques de tipo cross-site scripting contra un usuario de la interfaz. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-mult-xss-7hmOKQTt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •