Cisco Email Security Appliance — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Email Security Appliance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2022-20798 — CVSS 9.8 (critical): A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security…
CVE-2019-1947 — CVSS 8.6 (high): A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2015-6321 — CVSS 7.8 (high): Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security…
CVE-2015-6291 — CVSS 7.8 (high): Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices…
CVE-2022-20664 — CVSS 7.7 (high): A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA)…
CVE-2022-20960 — CVSS 7.5 (high): A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause…
CVE-2016-1405 — CVSS 7.5 (high): libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices…
CVE-2016-1480 — CVSS 7.5 (high): A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances…
CVE-2016-1481 — CVSS 7.5 (high): A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an…
CVE-2016-1486 — CVSS 7.5 (high): A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software…
CVE-2016-6356 — CVSS 7.5 (high): A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an…
CVE-2016-6357 — CVSS 7.5 (high): A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance…
CVE-2016-6358 — CVSS 7.5 (high): A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial…
CVE-2016-6360 — CVSS 7.5 (high): A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could…
CVE-2016-6372 — CVSS 7.5 (high): A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco…
CVE-2018-0419 — CVSS 7.5 (high): A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote…
CVE-2020-3133 — CVSS 7.5 (high): A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2021-1566 — CVSS 7.4 (high): A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security…
CVE-2015-6309 — CVSS 6.8 (medium): Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service…
CVE-2020-3134 — CVSS 6.5 (medium): A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2020-3181 — CVSS 6.5 (medium): A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email…
CVE-2023-20009 — CVSS 6.5 (medium): A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA)…
CVE-2015-6285 — CVSS 6.4 (medium): Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service…
CVE-2016-9202 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated…
CVE-2020-3137 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote…
CVE-2017-6661 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management…
CVE-2016-1423 — CVSS 6.1 (medium): A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security…
CVE-2023-20075 — CVSS 6.0 (medium): Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These…
CVE-2016-1411 — CVSS 5.9 (medium): A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security…
CVE-2016-6416 — CVSS 5.9 (medium): The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA)…
CVE-2020-3132 — CVSS 5.9 (medium): A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2019-1921 — CVSS 5.8 (medium): A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2019-1933 — CVSS 5.8 (medium): A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2019-1831 — CVSS 5.8 (medium): A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2020-3370 — CVSS 5.8 (medium): A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to…
CVE-2017-3800 — CVSS 5.8 (medium): A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an…
CVE-2019-1905 — CVSS 5.8 (medium): A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2020-3447 — CVSS 5.5 (medium): A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security…
CVE-2020-3164 — CVSS 5.3 (medium): A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security…
CVE-2018-0447 — CVSS 5.3 (medium): A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow…
CVE-2019-1844 — CVSS 5.3 (medium): A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated…
CVE-2019-1983 — CVSS 5.3 (medium): A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content…
CVE-2020-3548 — CVSS 5.3 (medium): A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security…
CVE-2021-1129 — CVSS 5.3 (medium): A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content…
CVE-2015-4184 — CVSS 5.0 (medium): The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to…
CVE-2021-1516 — CVSS 4.3 (medium): A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA)…
CVE-2017-6783 — CVSS 4.3 (medium): A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management…
CVE-2016-6465 — CVSS 4.3 (medium): A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security…
CVE-2015-4288 — CVSS 4.3 (medium): The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security…
CVE-2015-4236 — CVSS 4.3 (medium): Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled…