The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Content SMA

cybersecurity bulletin CVE-2018-0140

Cisco Email Security Appliance, Content Security Management Appliance: mail disclosure

Synthesis of the vulnerability

An attacker can tamper with the spam manager of Cisco Email Security Appliance and Content Security Management Appliance, in order to get any any mail.
Severity: 2/4.
Creation date: 08/02/2018.
Identifiers: cisco-sa-20180207-esacsm, CVE-2018-0140, VIGILANCE-VUL-25252.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can tamper with the spam manager of Cisco Email Security Appliance and Content Security Management Appliance, in order to get any any mail.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-0095

Cisco ESA/SMA: privilege escalation via CLI

Synthesis of the vulnerability

An attacker can bypass restrictions via CLI of Cisco ESA/SMA, in order to escalate his privileges.
Severity: 2/4.
Creation date: 18/01/2018.
Identifiers: CERTFR-2018-AVI-042, cisco-sa-20180117-esasma, CSCvb34303, CSCvb35726, CVE-2018-0095, VIGILANCE-VUL-25102.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via CLI of Cisco ESA/SMA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2017-12309

Cisco ESA/SMA: read-write access via HTTP Response Splitting

Synthesis of the vulnerability

An attacker can bypass access restrictions via HTTP Response Splitting of Cisco ESA/SMA, in order to read or alter data.
Severity: 2/4.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-esa, CSCvf16705, CSCvj76180, CVE-2017-12309, VIGILANCE-VUL-24477.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions via HTTP Response Splitting of Cisco ESA/SMA, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

cybersecurity note CVE-2017-6783

Cisco WSA/ESA/SMA: information disclosure via SNMP Polling

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SNMP Polling of Cisco WSA/ESA/SMA, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 17/08/2017.
Identifiers: CERTFR-2017-AVI-269, cisco-sa-20170816-csa, CSCve26106, CSCve26202, CSCve26224, CVE-2017-6783, VIGILANCE-VUL-23555.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via SNMP Polling of Cisco WSA/ESA/SMA, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security vulnerability CVE-2017-6661

Cisco Email Security and Content Security Management Appliance: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Email Security Appliance and Content Security Management Appliance, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 08/06/2017.
Identifiers: cisco-sa-20170607-esa, CVE-2017-6661, VIGILANCE-VUL-22926.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Email Security Appliance and Content Security Management Appliance, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-3733

OpenSSL: denial of service via the "Encrypt-Then-Mac" option

Synthesis of the vulnerability

An attacker can change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 16/02/2017.
Identifiers: 2003480, 2003620, 2003673, 2004940, CERTFR-2017-AVI-035, cisco-sa-20170130-openssl, cpuapr2019, cpujan2018, cpuoct2017, CVE-2017-3733, HPESBGN03728, VIGILANCE-VUL-21871.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

OpenSSL implements the possibility of renegotiation of TLS option and parameters during a session.

However, for some combinations of algorithms, the negation of the state of the option "Encrypt-Then-Mac" generates a fatal error.

An attacker can therefore change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2016-7055 CVE-2017-3730 CVE-2017-3731

OpenSSL: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 26/01/2017.
Identifiers: 1117414, 2000544, 2000988, 2000990, 2002331, 2004036, 2004940, 2009389, 2010154, 2011567, 2012827, 2014202, 2014651, 2014669, 2015080, BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, bulletinapr2017, bulletinjan2018, bulletinoct2017, CERTFR-2017-AVI-035, CERTFR-2018-AVI-343, cisco-sa-20170130-openssl, cpuapr2017, cpuapr2019, cpujan2018, cpujul2017, cpujul2018, cpuoct2017, CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FG-IR-17-019, FreeBSD-SA-17:02.openssl, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10775, K37526132, K43570545, K44512851, K-510805, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0481-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2017:2011-1, openSUSE-SU-2017:2868-1, openSUSE-SU-2018:0458-1, PAN-70674, PAN-73914, PAN-SA-2017-0012, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2017:0286-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA141, SA40423, SB10188, SSA:2017-041-02, SUSE-SU-2018:0112-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-03, USN-3181-1, VIGILANCE-VUL-21692.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can force a read at an invalid address via Truncated Packet, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-3731]

An attacker can force a NULL pointer to be dereferenced via DHE/ECDHE Parameters, in order to trigger a denial of service. [severity:2/4; CVE-2017-3730]

An attacker can use a carry propagation error via BN_mod_exp(), in order to compute the private key. [severity:1/4; CVE-2017-3732]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2016-9202

Cisco ESA, SMA: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco ESA/SMA, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-esa1, CSCvb37346, CVE-2016-9202, VIGILANCE-VUL-21313.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco Email Security Appliance or Cisco Content Security Management Appliance product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco ESA/SMA, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2016-1411

Cisco AsyncOS: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Cisco AsyncOS, in order to read or write data in the session.
Severity: 2/4.
Creation date: 08/12/2016.
Identifiers: cisco-sa-20161207-asyncos, CSCul88715, CSCul94617, CSCul94627, CVE-2016-1411, VIGILANCE-VUL-21309.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Cisco AsyncOS, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-6416

Cisco AsyncOS: denial of service via FTP

Synthesis of the vulnerability

An attacker can send malicious FTP packets to Cisco AsyncOS, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 29/09/2016.
Identifiers: cisco-sa-20160928-aos, CSCuz82907, CSCuz84330, CSCuz86065, CVE-2016-6416, VIGILANCE-VUL-20718.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco AsyncOS product has a service to manage received FTP packets.

However, when numerous FTP packets are received, a fatal error occurs.

An attacker can therefore send malicious FTP packets to Cisco AsyncOS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco Content SMA: