CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1129 – Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1129
20 Jan 2021 — A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker could exploi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-RHp44vAC • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15969 – Cisco Web Security Appliance Management Interface Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-15969
23 Sep 2020 — A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wsa-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3117 – Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3117
23 Sep 2020 — A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-wsa-sma-header-inject • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-3547 – Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3547
04 Sep 2020 — A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML co... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3164 – Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3164
04 Mar 2020 — A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cont-sec-gui-dos-nJ625dXb • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1326
https://notcve.org/view.php?id=CVE-2012-1326
15 Jan 2020 — Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks Cisco IronPort Web Security Appliance versiones hasta 7.5 incluyéndola, no comprueba las restricciones básicas del certificado de autoridad que podría conllevar a ataques de tipo MITM. • http://www.securityfocus.com/bid/52981 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1316
https://notcve.org/view.php?id=CVE-2012-1316
15 Jan 2020 — Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks Cisco IronPort Web Security Appliance no comprueba la revocación del certificado, lo que podría conllevar a ataques de tipo MITM. • http://www.securityfocus.com/bid/52981 • CWE-295: Improper Certificate Validation •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0334
https://notcve.org/view.php?id=CVE-2012-0334
15 Jan 2020 — Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks El software Cisco IronPort Web Security Appliance AsyncOS versiones anteriores a 7.5, presenta una vulnerabilidad de Almacenamiento en Caché de Certificado SSL lo que podría permitir ataques de tipo man-in-the-middle. • http://www.securityfocus.com/bid/52981 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15956 – Cisco Web Security Appliance Unauthorized Device Reset Vulnerability
https://notcve.org/view.php?id=CVE-2019-15956
26 Nov 2019 — A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wsa-unauth-devreset • CWE-284: Improper Access Control •
CVSS: 7.7EPSS: 0%CPEs: 7EXPL: 0CVE-2019-1884 – Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1884
04 Jul 2019 — A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for certain fields in HTTP/HTTPS requests sent through an affected device. A successful attacker could exploit this vulnerability by sending a malicious HTTP/HTTPS request through an affected device. An exploit could ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-asyncos-wsa • CWE-20: Improper Input Validation •