Vulnerabilities > Cisco > Email Security Appliance Firmware

DATE CVE VULNERABILITY TITLE RISK
2017-02-22 CVE-2017-3827 Improper Input Validation vulnerability in Cisco products
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device.
network
low complexity
cisco CWE-20
5.8
5.8
2017-02-03 CVE-2017-3818 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 9.7.1066
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass.
network
low complexity
cisco CWE-20
5.8
5.8
2016-11-19 CVE-2016-6463 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.0082/9.7.0125/9.7.106
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.
network
low complexity
cisco CWE-20
5.3
5.3
2016-11-19 CVE-2016-6462 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.0082/10.0.0125/9.7.106
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.
network
low complexity
cisco CWE-20
5.3
5.3
2016-11-19 CVE-2016-6458 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device.
network
low complexity
cisco CWE-20
7.5
7.5
2016-09-22 CVE-2016-6406 Permissions, Privileges, and Access Controls vulnerability in Cisco Email Security Appliance Firmware
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017.
network
low complexity
cisco CWE-264
critical
 9.8
9.8