Vulnerabilities > Cisco > Email Security Appliance > 14.0.3.015

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2023-20009 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products
A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access.
network
low complexity
cisco CWE-434
7.2
2023-03-01 CVE-2023-20075 OS Command Injection vulnerability in Cisco Email Security Appliance
Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These vulnerability is due to improper input validation in the CLI.
local
low complexity
cisco CWE-78
6.7
2022-11-04 CVE-2022-20960 Improper Certificate Validation vulnerability in Cisco Email Security Appliance
A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device.
network
low complexity
cisco CWE-295
7.5