The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of AsyncOS

computer vulnerability bulletin CVE-2019-1933

Cisco Email Security Appliance: privilege escalation via Script Filter Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via Script Filter Bypass of Cisco Email Security Appliance, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Creation date: 04/07/2019.
Identifiers: CERTFR-2019-AVI-304, cisco-sa-20190703-esa-filterpass, CSCvo55451, CVE-2019-1933, VIGILANCE-VUL-29688.

Description of the vulnerability

An attacker can bypass restrictions via Script Filter Bypass of Cisco Email Security Appliance, in order to escalate his privileges.

computer vulnerability announce CVE-2019-1921

Cisco Email Security Appliance: privilege escalation via Content Filter Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via Content Filter Bypass of Cisco Email Security Appliance, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Creation date: 04/07/2019.
Identifiers: CERTFR-2019-AVI-304, cisco-sa-20190703-esa-bypass, CSCvp88949, CVE-2019-1921, VIGILANCE-VUL-29687.

Description of the vulnerability

An attacker can bypass restrictions via Content Filter Bypass of Cisco Email Security Appliance, in order to escalate his privileges.

vulnerability CVE-2019-1905

Cisco Email Security Appliance: privilege escalation via GZIP Content Filter Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via GZIP Content Filter Bypass of Cisco Email Security Appliance, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Consequences: data reading, data flow.
Provenance: document.
Creation date: 20/06/2019.
Identifiers: CERTFR-2019-AVI-284, cisco-sa-20190619-esa-bypass, CSCvo82840, CVE-2019-1905, VIGILANCE-VUL-29570.

Description of the vulnerability

An attacker can bypass restrictions via GZIP Content Filter Bypass of Cisco Email Security Appliance, in order to escalate his privileges.

vulnerability CVE-2019-1816

Cisco Web Security Appliance: code execution via Log Subscription Subsystem

Synthesis of the vulnerability

An attacker can use a vulnerability via Log Subscription Subsystem of Cisco Web Security Appliance, in order to run code.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 02/05/2019.
Identifiers: CERTFR-2019-AVI-193, cisco-sa-20190501-wsa-privesc, CSCvk68106, CVE-2019-1816, VIGILANCE-VUL-29190.

Description of the vulnerability

An attacker can use a vulnerability via Log Subscription Subsystem of Cisco Web Security Appliance, in order to run code.

computer vulnerability announce CVE-2019-1844

Cisco Email Security Appliance: privilege escalation via Filter Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via Filter Bypass of Cisco Email Security Appliance, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 02/05/2019.
Identifiers: cisco-sa-20190501-esa-bypass, CSCvm36810, CVE-2019-1844, VIGILANCE-VUL-29187.

Description of the vulnerability

An attacker can bypass restrictions via Filter Bypass of Cisco Email Security Appliance, in order to escalate his privileges.

vulnerability announce CVE-2019-1831

Cisco Email Security Appliance: privilege escalation via Content Filter Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via Content Filter Bypass of Cisco Email Security Appliance, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Creation date: 18/04/2019.
Identifiers: cisco-sa-20190417-esa-filter-bypass, CSCvo01349, CSCvo78686, CVE-2019-1831, VIGILANCE-VUL-29082.

Description of the vulnerability

An attacker can bypass restrictions via Content Filter Bypass of Cisco Email Security Appliance, in order to escalate his privileges.

vulnerability alert CVE-2019-1672

Cisco Web Security Appliance: privilege escalation via Decryption Policy Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via Decryption Policy Bypass of Cisco Web Security Appliance, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: data reading, data flow.
Provenance: intranet client.
Creation date: 07/02/2019.
Identifiers: cisco-sa-20190206-wsa-bypass, CSCvm91630, CVE-2019-1672, VIGILANCE-VUL-28461.

Description of the vulnerability

An attacker can bypass restrictions via Decryption Policy Bypass of Cisco Web Security Appliance, in order to escalate his privileges.

vulnerability alert CVE-2018-15393

Cisco Content Security Management Appliance: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Content Security Management Appliance, in order to run JavaScript code in the context of the web site.
Impacted products: AsyncOS, Cisco Content SMA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 07/11/2018.
Identifiers: CERTFR-2018-AVI-536, cisco-sa-20181107-sma-xss, CSCvk59387, CSCvn85626, CVE-2018-15393, VIGILANCE-VUL-27721.

Description of the vulnerability

The Cisco Content Security Management Appliance product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Content Security Management Appliance, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2018-0447

Cisco Email Security Appliance: privilege escalation via URL Filtering Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via URL Filtering Bypass of Cisco Email Security Appliance, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 06/09/2018.
Identifiers: CERTFR-2018-AVI-423, cisco-sa-20180905-esa-url-bypass, CSCvj55728, CSCvm26692, CVE-2018-0447, VIGILANCE-VUL-27158.

Description of the vulnerability

An attacker can bypass restrictions via URL Filtering Bypass of Cisco Email Security Appliance, in order to escalate his privileges.

computer vulnerability alert CVE-2018-0428

Cisco WSA: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Cisco WSA, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-393, cisco-sa-20180815-wsa-escalation, CSCvj93548, CVE-2018-0428, VIGILANCE-VUL-26996.

Description of the vulnerability

An attacker can bypass restrictions of Cisco WSA, in order to escalate his privileges.