The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco AsyncOS

computer weakness note CVE-2018-0353

Cisco WSA: privilege escalation via Layer 4 Traffic Monitor

Synthesis of the vulnerability

An attacker can bypass restrictions via Layer 4 Traffic Monitor of Cisco WSA, in order to escalate his privileges.
Severity: 3/4.
Creation date: 07/06/2018.
Identifiers: CERTFR-2018-AVI-270, cisco-sa-20180606-wsa, CSCvg78875, CVE-2018-0353, VIGILANCE-VUL-26348.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Layer 4 Traffic Monitor of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2018-0087

Cisco Web Security Appliance: privilege escalation via FTP Authentication

Synthesis of the vulnerability

An attacker can bypass restrictions via FTP Authentication of Cisco Web Security Appliance, in order to escalate his privileges.
Severity: 3/4.
Creation date: 08/03/2018.
Identifiers: CERTFR-2018-AVI-116, cisco-sa-20180307-wsa, CSCvf74281, CVE-2018-0087, VIGILANCE-VUL-25488.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via FTP Authentication of Cisco Web Security Appliance, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin CVE-2018-0140

Cisco Email Security Appliance, Content Security Management Appliance: mail disclosure

Synthesis of the vulnerability

An attacker can tamper with the spam manager of Cisco Email Security Appliance and Content Security Management Appliance, in order to get any any mail.
Severity: 2/4.
Creation date: 08/02/2018.
Identifiers: cisco-sa-20180207-esacsm, CVE-2018-0140, VIGILANCE-VUL-25252.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can tamper with the spam manager of Cisco Email Security Appliance and Content Security Management Appliance, in order to get any any mail.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2018-0093

Cisco WSA: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 18/01/2018.
Identifiers: cisco-sa-20180117-wsa1, CSCvf37392, CVE-2018-0093, VIGILANCE-VUL-25115.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco WSA product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-0095

Cisco ESA/SMA: privilege escalation via CLI

Synthesis of the vulnerability

An attacker can bypass restrictions via CLI of Cisco ESA/SMA, in order to escalate his privileges.
Severity: 2/4.
Creation date: 18/01/2018.
Identifiers: CERTFR-2018-AVI-042, cisco-sa-20180117-esasma, CSCvb34303, CSCvb35726, CVE-2018-0095, VIGILANCE-VUL-25102.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via CLI of Cisco ESA/SMA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2017-12353

Cisco Email Security Appliance: privilege escalation via MIME Header

Synthesis of the vulnerability

An attacker can bypass restrictions via MIME Header of Cisco Email Security Appliance, in order to escalate his privileges.
Severity: 2/4.
Creation date: 30/11/2017.
Revision date: 11/12/2017.
Identifiers: cisco-sa-20171129-esa, CSCvf44666, CVE-2017-12353, VIGILANCE-VUL-24577.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via MIME Header of Cisco Email Security Appliance, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2017-12309

Cisco ESA/SMA: read-write access via HTTP Response Splitting

Synthesis of the vulnerability

An attacker can bypass access restrictions via HTTP Response Splitting of Cisco ESA/SMA, in order to read or alter data.
Severity: 2/4.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-esa, CSCvf16705, CSCvj76180, CVE-2017-12309, VIGILANCE-VUL-24477.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions via HTTP Response Splitting of Cisco ESA/SMA, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

computer threat announce CVE-2017-12303

Cisco WSA: privilege escalation via AMP Filtering

Synthesis of the vulnerability

An attacker can bypass restrictions via AMP Filtering of Cisco WSA, in order to escalate his privileges.
Severity: 2/4.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-wsa, CSCvf52943, CVE-2017-12303, VIGILANCE-VUL-24472.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via AMP Filtering of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-12215

Cisco ESA: memory leak via Attachments

Synthesis of the vulnerability

An attacker can create a memory leak via Attachments of Cisco ESA, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 21/09/2017.
Identifiers: CERTFR-2017-AVI-317, cisco-sa-20170920-esa, CSCvd29354, CVE-2017-12215, VIGILANCE-VUL-23896.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create a memory leak via Attachments of Cisco ESA, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin CVE-2017-12218

Cisco Email Security Appliance: delivery of malicious EML attachment

Synthesis of the vulnerability

The Cisco Email Security Appliance product does not correctly filter EML attachments.
Severity: 2/4.
Creation date: 07/09/2017.
Identifiers: cisco-sa-20170906-esa, CSCuz81533, CVE-2017-12218, VIGILANCE-VUL-23765.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco Email Security Appliance product does not correctly filter EML attachments.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco AsyncOS: