CVE-2016-9202
https://notcve.org/view.php?id=CVE-2016-9202
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036, 9.7.1-066.
• http://www.securityfocus.com/bid/94799
• http://www.securitytracker.com/id/1037423
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1411
https://notcve.org/view.php?id=CVE-2016-1411
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201, 7.6.3-025, 8.0.1-023, 8.5.0-000, 8.5.0-ER1-198, 7.5.2-HP2-303, 7.7.0-608, 7.7.5-835, 8.5.1-021, 8.8.0-000, 7.9.1-102, 8.0.0-404, 8.1.1-013, 8.2.0-222. Known Fixed Releases: 8.0.2-069, 8.0.2-074, 8.5.7-042, 9.1.0-032, 8.5.2-027, 9.6.1-019.
• http://www.securityfocus.com/bid/94791
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos
• CWE-310: Cryptographic Issues
CVE-2016-6465
https://notcve.org/view.php?id=CVE-2016-6465
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of the following Cisco products: Cisco Email Security Appliances (ESAs) that are configured to use message or content filters that scan incoming email attachments; Cisco Web Security Appliances (WSAs) that are configured to use services that scan accessed web content. More Information: CSCva90076, CSCvb06764. Known Affected Releases: 10.0.0-125, 8.5.7-042, 9.7.2-047.
• http://www.securityfocus.com/bid/94901
• http://www.securitytracker.com/id/1037404
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa
• CWE-20: Improper Input Validation
CVE-2016-6360
https://notcve.org/view.php?id=CVE-2016-6360
A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051, 9.7.0-125, 8.8.0-085, 9.5.0-444, WSA10.0.0-000. Known Fixed Releases: 9.7.1-066, WSA10.0.0-233.
• http://www.securityfocus.com/bid/93910
• http://www.securitytracker.com/id/1037120
• http://www.securitytracker.com/id/1037121
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3
• CWE-20: Improper Input Validation
CVE-2016-1486
https://notcve.org/view.php?id=CVE-2016-1486
A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125, 9.7.1-207, 9.7.2-047.
• http://www.securityfocus.com/bid/93906
• http://www.securitytracker.com/id/1037124
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2
• CWE-19: Data Processing Errors