Cisco

Web Security Virtual Appliance

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2021-1271

  • EPSS 0.17%
  • Published 20.01.2021 20:15:15
  • Last modified 21.11.2024 05:43:58

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an af...

7.2

CVE-2017-6748

  • EPSS 0.32%
  • Published 25.07.2017 19:29:00
  • Last modified 20.04.2025 01:37:25

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administ...

5.4

CVE-2017-6749

  • EPSS 0.24%
  • Published 25.07.2017 19:29:00
  • Last modified 20.04.2025 01:37:25

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an...

7.5

CVE-2017-6750

  • EPSS 0.75%
  • Published 25.07.2017 19:29:00
  • Last modified 20.04.2025 01:37:25

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas...

7.5

CVE-2017-6751

  • EPSS 0.47%
  • Published 25.07.2017 19:29:00
  • Last modified 20.04.2025 01:37:25

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface ...

4.3

CVE-2015-6290

  • EPSS 0.48%
  • Published 14.09.2015 01:59:07
  • Last modified 12.04.2025 10:46:40

Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.

5

CVE-2015-6287

  • EPSS 0.72%
  • Published 14.09.2015 01:59:05
  • Last modified 12.04.2025 10:46:40

Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907.

4.3

CVE-2015-4217

  • EPSS 0.68%
  • Published 26.06.2015 10:59:04
  • Last modified 12.04.2025 10:46:40

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different custom...

5

CVE-2015-4216

  • EPSS 0.88%
  • Published 26.06.2015 10:59:03
  • Last modified 12.04.2025 10:46:40

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across differ...

4.3

CVE-2014-2137

  • EPSS 0.21%
  • Published 02.04.2014 03:58:17
  • Last modified 12.04.2025 10:46:40

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.