Vulnerabilities > Cisco > Email Security Appliance > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-01 | CVE-2023-20009 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. | 7.2 |
| 2022-11-04 | CVE-2022-20960 | Improper Certificate Validation vulnerability in Cisco Email Security Appliance A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. | 7.5 |
| 2022-06-15 | CVE-2022-20664 | Information Exposure vulnerability in Cisco Email Security Appliance A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. | 7.7 |
| 2021-06-16 | CVE-2021-1566 | Improper Certificate Validation vulnerability in Cisco Asyncos and Email Security Appliance A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. | 7.4 |
| 2020-02-19 | CVE-2020-3132 | Resource Exhaustion vulnerability in Cisco Cloud Email Security and Email Security Appliance A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. | 7.1 |
| 2019-01-10 | CVE-2018-15460 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Asyncos A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. | 7.8 |
| 2016-10-28 | CVE-2016-6356 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. | 7.8 |
| 2016-10-28 | CVE-2016-1486 | Data Processing Errors vulnerability in Cisco Email Security Appliance A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. | 7.8 |
| 2016-10-28 | CVE-2016-1481 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. | 7.8 |
| 2015-11-06 | CVE-2015-6321 | Resource Management Errors vulnerability in Cisco products Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795. | 7.8 |