Cisco Email Security Appliance Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Email Security Appliance Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2016-6406 — CVSS 9.8 (critical): Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security…
CVE-2018-15453 — CVSS 8.6 (high): A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting…
CVE-2014-2119 — CVSS 8.5 (high): The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x…
CVE-2013-5537 — CVSS 7.8 (high): The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA)…
CVE-2016-6458 — CVSS 7.5 (high): A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an…
CVE-2017-6671 — CVSS 7.5 (high): A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2019-1955 — CVSS 7.5 (high): A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA)…
CVE-2019-15961 — CVSS 7.5 (high): A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an…
CVE-2019-12706 — CVSS 7.5 (high): A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could…
CVE-2013-3395 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security…
CVE-2015-6309 — CVSS 6.8 (medium): Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service…
CVE-2018-0140 — CVSS 6.5 (medium): A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an…
CVE-2017-3827 — CVSS 5.8 (medium): A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances…
CVE-2017-3818 — CVSS 5.8 (medium): A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances…
CVE-2016-6462 — CVSS 5.3 (medium): A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an…
CVE-2016-6463 — CVSS 5.3 (medium): A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an…
CVE-2017-12309 — CVSS 5.3 (medium): A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response…
CVE-2019-15988 — CVSS 5.3 (medium): A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2022-20772 — CVSS 4.7 (medium): A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote…
CVE-2015-0734 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject…
CVE-2015-0732 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA)…
CVE-2015-0624 — CVSS 4.3 (medium): The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security…
CVE-2014-3289 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web…
CVE-2019-15971 — CVSS 4.3 (medium): A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an…
CVE-2014-2195 — CVSS 4.3 (medium): Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled…
CVE-2015-4236 — CVSS 4.3 (medium): Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled…
CVE-2015-4278 — CVSS 4.3 (medium): Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service…