Skip to main content

Content Security Management Appliance CVE-2015-0624

MEDIUM
Improper Input Validation (CWE-20)
2015-02-21 psirt@cisco.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 21, 2015 - 11:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

AnalysisAI

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. Affected products include: Cisco Content Security Management Appliance, Cisco Web Security Appliance, Cisco Email Security Appliance Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-2119 HIGH
8.5 Mar 21

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7

CVE-2014-3289 MEDIUM POC
4.3 Jun 10

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Applianc

CVE-2015-6321 HIGH
7.8 Nov 06

Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Em

CVE-2013-5537 HIGH
7.8 Oct 24

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management

CVE-2013-3395 MEDIUM
6.8 Jul 02

Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devi

CVE-2021-1447 MEDIUM
6.7 May 06

A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (

CVE-2021-1516 MEDIUM
6.5 May 06

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Ap

CVE-2020-3447 MEDIUM
6.5 Aug 17

A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content

CVE-2018-0140 MEDIUM
6.5 Feb 08

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance

CVE-2017-6661 MEDIUM
6.1 Jun 13

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security

CVE-2020-3178 MEDIUM
6.1 May 06

Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance

CVE-2018-15393 MEDIUM
6.1 Nov 08

A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software coul

Share

CVE-2015-0624 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy