Vulnerabilities > Cisco > Email Security Appliance Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-02 CVE-2019-12706 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device.
network
low complexity
cisco CWE-20
7.5
7.5
2019-08-08 CVE-2019-1955 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 12.0/3.3.109
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device.
network
low complexity
cisco CWE-20
7.5
7.5
2019-01-10 CVE-2018-15453 Out-of-bounds Write vulnerability in Cisco Email Security Appliance Firmware 11.0.1401/11.1.0131
A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory.
network
low complexity
cisco CWE-787
8.6
8.6
2017-06-13 CVE-2017-6671 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.1087/9.7.1066
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter.
network
low complexity
cisco CWE-20
7.5
7.5
2016-11-19 CVE-2016-6458 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device.
network
low complexity
cisco CWE-20
7.5
7.5