Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Cisco Subscribe
Filtered by product Content Security Management Virtual Appliance
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0732 1 Cisco 3 Content Security Management Virtual Appliance, Email Security Appliance Firmware, Web Security Appliance 2018-10-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167.
CVE-2015-4216 1 Cisco 3 Content Security Management Virtual Appliance, Email Security Virtual Appliance, Web Security Virtual Appliance 2016-12-28 5.0 MEDIUM N/A
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.
CVE-2015-4217 1 Cisco 3 Content Security Management Virtual Appliance, Email Security Virtual Appliance, Web Security Virtual Appliance 2016-12-28 4.3 MEDIUM N/A
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.