CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0CVE-2021-34749 – Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability
https://notcve.org/view.php?id=CVE-2021-34749
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks. Una vulnerabilidad en el filtrado de peticiones Server Name Identification (SNI) de Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD) y Snort detection engine podría permitir a un atacante no autenticado remoto omitir la tecnología de filtrado en un dispositivo afectado y exfiltrar datos de un host comprometido. • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN https://www.debian.org/security/2023/dsa-5354 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1271 – Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-1271
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface. Una vulnerabilidad en la interfaz de administración basada en web de Cisco AsyncOS para Cisco Web Security Appliance (WSA), podría permitir a un atacante remoto autenticado conducir un ataque de tipo cross-site scripting (XSS) almacenado contra un usuario de la interfaz de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-RuB5WGqL • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2014-2137
https://notcve.org/view.php?id=CVE-2014-2137
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. Vulnerabilidad de inyección CRLF en el framework web en Cisco Web Security Appliance (WSA) 7.7 y anteriores permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de redirección a través de una URL manipulada, también conocido como Bug ID CSCuj61002. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137 http://tools.cisco.com/security/center/viewAlert.x?alertId=33608 • CWE-20: Improper Input Validation •