CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2017-6751
https://notcve.org/view.php?id=CVE-2017-6751
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. Una vulnerabilidad en la funcionalidad proxy web de Cisco Web Security Appearance (WSA) podría permitir que un atacante remoto no autenticado redirija tráfico de la interfaz proxy web de un dispositivo afectado a una interfaz de administración de un dispositivo afectado. • http://www.securityfocus.com/bid/99967 http://www.securitytracker.com/id/1038959 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0CVE-2017-6746
https://notcve.org/view.php?id=CVE-2017-6746
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. • http://www.securityfocus.com/bid/99877 http://www.securitytracker.com/id/1038948 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3870
https://notcve.org/view.php?id=CVE-2017-3870
A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010. Una vulnerabilidad en la característica de filtrado de URL de Cisco AsyncOS Software para Cisco Web Security Appliance (WSA) podría permitir a un atacante remoto no autenticado omitir una regla de filtro de URL configurada. • http://www.securityfocus.com/bid/96907 http://www.securitytracker.com/id/1038043 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-3827
https://notcve.org/view.php?id=CVE-2017-3827
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA. More Information: SCvb91473, CSCvc76500. Known Affected Releases: 10.0.0-203 9.9.9-894 WSA10.0.0-233. Una vulnerabilidad en el escáner Multipurpose Internet Mail Extensions (MIME) de Cisco AsyncOS Software para Cisco Email Security Appliances (ESA) y Web Security Appliances (WSA) podría permitir a un atacante remoto no autenticado eludir filtros configurados por en usuario en el dispositivo. • http://www.securityfocus.com/bid/96239 http://www.securitytracker.com/id/1037831 http://www.securitytracker.com/id/1037832 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-asyncos • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9212
https://notcve.org/view.php?id=CVE-2016-9212
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074. Una vulnerabilidad en el parámetro de configuración Decrypt for End-User Notification en Cisco AsyncOS Software para Cisco Web Security Appliances podría permitir a un atacante remoto no autenticado conectarse a un sitio web seguro sobre Secure Sockets Layer (SSL) o Transport Layer Security (TLS), incluso si el WSA está configurado para bloquear conexiones al sitio web. • http://www.securityfocus.com/bid/94774 http://www.securitytracker.com/id/1037410 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1 • CWE-20: Improper Input Validation •