Cisco » Email Security Appliance : Security Vulnerabilities, CVEs,
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.
Max CVSS
6.8
EPSS Score
0.11%
Published
2015-10-02
Updated
2018-10-30
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.
Max CVSS
6.4
EPSS Score
0.13%
Published
2015-09-14
Updated
2017-01-04
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470.
Max CVSS
4.3
EPSS Score
0.05%
Published
2015-07-29
Updated
2015-07-29
Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636.
Max CVSS
4.3
EPSS Score
0.26%
Published
2015-07-10
Updated
2018-10-30
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.
Max CVSS
5.0
EPSS Score
0.13%
Published
2015-06-13
Updated
2017-01-04
5 vulnerabilities found