The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco ESA

cybersecurity bulletin CVE-2018-0140

Cisco Email Security Appliance, Content Security Management Appliance: mail disclosure

Synthesis of the vulnerability

An attacker can tamper with the spam manager of Cisco Email Security Appliance and Content Security Management Appliance, in order to get any any mail.
Severity: 2/4.
Creation date: 08/02/2018.
Identifiers: cisco-sa-20180207-esacsm, CVE-2018-0140, VIGILANCE-VUL-25252.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can tamper with the spam manager of Cisco Email Security Appliance and Content Security Management Appliance, in order to get any any mail.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-0095

Cisco ESA/SMA: privilege escalation via CLI

Synthesis of the vulnerability

An attacker can bypass restrictions via CLI of Cisco ESA/SMA, in order to escalate his privileges.
Severity: 2/4.
Creation date: 18/01/2018.
Identifiers: CERTFR-2018-AVI-042, cisco-sa-20180117-esasma, CSCvb34303, CSCvb35726, CVE-2018-0095, VIGILANCE-VUL-25102.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via CLI of Cisco ESA/SMA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2017-12353

Cisco Email Security Appliance: privilege escalation via MIME Header

Synthesis of the vulnerability

An attacker can bypass restrictions via MIME Header of Cisco Email Security Appliance, in order to escalate his privileges.
Severity: 2/4.
Creation date: 30/11/2017.
Revision date: 11/12/2017.
Identifiers: cisco-sa-20171129-esa, CSCvf44666, CVE-2017-12353, VIGILANCE-VUL-24577.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via MIME Header of Cisco Email Security Appliance, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2017-12309

Cisco ESA/SMA: read-write access via HTTP Response Splitting

Synthesis of the vulnerability

An attacker can bypass access restrictions via HTTP Response Splitting of Cisco ESA/SMA, in order to read or alter data.
Severity: 2/4.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-esa, CSCvf16705, CSCvj76180, CVE-2017-12309, VIGILANCE-VUL-24477.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions via HTTP Response Splitting of Cisco ESA/SMA, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-12215

Cisco ESA: memory leak via Attachments

Synthesis of the vulnerability

An attacker can create a memory leak via Attachments of Cisco ESA, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 21/09/2017.
Identifiers: CERTFR-2017-AVI-317, cisco-sa-20170920-esa, CSCvd29354, CVE-2017-12215, VIGILANCE-VUL-23896.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create a memory leak via Attachments of Cisco ESA, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin CVE-2017-12218

Cisco Email Security Appliance: delivery of malicious EML attachment

Synthesis of the vulnerability

The Cisco Email Security Appliance product does not correctly filter EML attachments.
Severity: 2/4.
Creation date: 07/09/2017.
Identifiers: cisco-sa-20170906-esa, CSCuz81533, CVE-2017-12218, VIGILANCE-VUL-23765.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco Email Security Appliance product does not correctly filter EML attachments.
Full Vigil@nce bulletin... (Free trial)

cybersecurity note CVE-2017-6783

Cisco WSA/ESA/SMA: information disclosure via SNMP Polling

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SNMP Polling of Cisco WSA/ESA/SMA, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 17/08/2017.
Identifiers: CERTFR-2017-AVI-269, cisco-sa-20170816-csa, CSCve26106, CSCve26202, CSCve26224, CVE-2017-6783, VIGILANCE-VUL-23555.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via SNMP Polling of Cisco WSA/ESA/SMA, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security vulnerability CVE-2017-6661

Cisco Email Security and Content Security Management Appliance: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Email Security Appliance and Content Security Management Appliance, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 08/06/2017.
Identifiers: cisco-sa-20170607-esa, CVE-2017-6661, VIGILANCE-VUL-22926.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Email Security Appliance and Content Security Management Appliance, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-3733

OpenSSL: denial of service via the "Encrypt-Then-Mac" option

Synthesis of the vulnerability

An attacker can change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 16/02/2017.
Identifiers: 2003480, 2003620, 2003673, 2004940, CERTFR-2017-AVI-035, cisco-sa-20170130-openssl, cpuapr2019, cpujan2018, cpuoct2017, CVE-2017-3733, HPESBGN03728, VIGILANCE-VUL-21871.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

OpenSSL implements the possibility of renegotiation of TLS option and parameters during a session.

However, for some combinations of algorithms, the negation of the state of the option "Encrypt-Then-Mac" generates a fatal error.

An attacker can therefore change the state of the "Encrypt-Then-Mac" TLS option in a renegotiation with a server or client based on OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2017-3827

Cisco AsyncOS: filtering bypass via MIME typing

Synthesis of the vulnerability

An attacker can tamper with MIME headers in SMTP and HTTP connections filtered by Cisco AsyncOS, in order to bypass the content filtering.
Severity: 2/4.
Creation date: 16/02/2017.
Identifiers: CERTFR-2017-AVI-052, cisco-sa-20170215-asyncos, CVE-2017-3827, VIGILANCE-VUL-21863.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco AsyncOS product is used to filter exchanged data in mail and web.

However, some syntax errors in the MIME headers disable the processing of the current file.

An attacker can therefore tamper with MIME headers in SMTP and HTTP connections filtered by Cisco AsyncOS, in order to bypass the content filtering.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco ESA: