The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco AsyncOS

computer vulnerability announce CVE-2017-12353

Cisco Email Security Appliance: privilege escalation via MIME Header

Synthesis of the vulnerability

An attacker can bypass restrictions via MIME Header of Cisco Email Security Appliance, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Consequences: data reading, data flow.
Provenance: document.
Creation date: 30/11/2017.
Revision date: 11/12/2017.
Identifiers: cisco-sa-20171129-esa, CSCvf44666, CVE-2017-12353, VIGILANCE-VUL-24577.

Description of the vulnerability

An attacker can bypass restrictions via MIME Header of Cisco Email Security Appliance, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-12309

Cisco ESA/SMA: read-write access via HTTP Response Splitting

Synthesis of the vulnerability

An attacker can bypass access restrictions via HTTP Response Splitting of Cisco ESA/SMA, in order to read or alter data.
Impacted products: AsyncOS, Cisco Content SMA, Cisco ESA.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-esa, CSCvf16705, CSCvj76180, CVE-2017-12309, VIGILANCE-VUL-24477.

Description of the vulnerability

An attacker can bypass access restrictions via HTTP Response Splitting of Cisco ESA/SMA, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-12303

Cisco WSA: privilege escalation via AMP Filtering

Synthesis of the vulnerability

An attacker can bypass restrictions via AMP Filtering of Cisco WSA, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-wsa, CSCvf52943, CVE-2017-12303, VIGILANCE-VUL-24472.

Description of the vulnerability

An attacker can bypass restrictions via AMP Filtering of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-12215

Cisco ESA: memory leak via Attachments

Synthesis of the vulnerability

An attacker can create a memory leak via Attachments of Cisco ESA, in order to trigger a denial of service.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 21/09/2017.
Identifiers: CERTFR-2017-AVI-317, cisco-sa-20170920-esa, CSCvd29354, CVE-2017-12215, VIGILANCE-VUL-23896.

Description of the vulnerability

An attacker can create a memory leak via Attachments of Cisco ESA, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-12218

Cisco Email Security Appliance: delivery of malicious EML attachment

Synthesis of the vulnerability

The Cisco Email Security Appliance product does not correctly filter EML attachments.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Creation date: 07/09/2017.
Identifiers: cisco-sa-20170906-esa, CSCuz81533, CVE-2017-12218, VIGILANCE-VUL-23765.

Description of the vulnerability

The Cisco Email Security Appliance product does not correctly filter EML attachments.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-6783

Cisco WSA/ESA/SMA: information disclosure via SNMP Polling

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SNMP Polling of Cisco WSA/ESA/SMA, in order to obtain sensitive information.
Impacted products: AsyncOS, Cisco Content SMA, Cisco ESA, Cisco WSA.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 17/08/2017.
Identifiers: CERTFR-2017-AVI-269, cisco-sa-20170816-csa, CSCve26106, CSCve26202, CSCve26224, CVE-2017-6783, VIGILANCE-VUL-23555.

Description of the vulnerability

An attacker can bypass access restrictions to data via SNMP Polling of Cisco WSA/ESA/SMA, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-6748

Cisco WSA: privilege escalation via Command Injection

Synthesis of the vulnerability

An attacker can bypass restrictions via Command Injection of Cisco WSA, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa2, CSCvd88855, CVE-2017-6748, VIGILANCE-VUL-23305.

Description of the vulnerability

An attacker can bypass restrictions via Command Injection of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-6749

Cisco WSA: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa3, CSCvd88865, CVE-2017-6749, VIGILANCE-VUL-23304.

Description of the vulnerability

The Cisco WSA product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-6750

Cisco WSA: privilege escalation via Static Credentials

Synthesis of the vulnerability

An attacker can bypass restrictions via Static Credentials of Cisco WSA, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa4, CSCve06124, CVE-2017-6750, VIGILANCE-VUL-23303.

Description of the vulnerability

An attacker can bypass restrictions via Static Credentials of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-6751

Cisco WSA: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Cisco WSA, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa5, CSCvd88863, CVE-2017-6751, VIGILANCE-VUL-23302.

Description of the vulnerability

An attacker can bypass restrictions of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco AsyncOS: