cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-1425,https://securityvulnerability.io/vulnerability/CVE-2021-1425,Cisco AsyncOS Software Vulnerability Could Allow Access to Sensitive Information,"A security vulnerability exists within the web-based management interface of Cisco AsyncOS Software for Content Security Management Appliances. This issue arises from sensitive information being transmitted in HTTP requests between the user and the device. An authenticated remote attacker could exploit this flaw by examining raw HTTP requests sent to the management interface, potentially leading to the unauthorized access of stored passwords and other confidential information. Cisco has addressed this concern with software updates, but no workarounds are available to mitigate the risk.",Cisco,Cisco Secure Email And Web Manager,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-18T15:36:48.271Z,0
CVE-2024-20472,https://securityvulnerability.io/vulnerability/CVE-2024-20472,Cisco FMC Software Vulnerability Could Lead to SQL Injection Attacks,"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges.",Cisco,Secure Firewall Management Center,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-23T18:15:00.000Z,0
CVE-2024-20473,https://securityvulnerability.io/vulnerability/CVE-2024-20473,Cisco Secure Firewall Management Center Software Vulnerability to SQL Injection Attacks,"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges.",Cisco,Secure Firewall Management Center,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-23T18:15:00.000Z,0
CVE-2024-20383,https://securityvulnerability.io/vulnerability/CVE-2024-20383,Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks,"A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system.",Cisco,Cisco Secure Email And Web Manager,4.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-15T17:59:49.921Z,0
CVE-2024-20256,https://securityvulnerability.io/vulnerability/CVE-2024-20256,Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks,"A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,"Cisco Secure Web Appliance,Cisco Secure Email And Web Manager",4.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-15T17:56:38.074Z,0
CVE-2024-20258,https://securityvulnerability.io/vulnerability/CVE-2024-20258,Cisco AsyncOS Software Vulnerability Could Lead to XSS Attacks,"A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,"Cisco Secure Email,Cisco Secure Email And Web Manager",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-15T17:32:16.125Z,0
CVE-2023-20119,https://securityvulnerability.io/vulnerability/CVE-2023-20119,Cross-Site Scripting Vulnerability in Cisco AsyncOS Software for Email and Web Management,"A vulnerability exists in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, which may allow unauthorized remote attackers to exploit insufficient input validation. By enticing a user to click on a crafted link, an attacker could execute arbitrary script code within the context of the interface, potentially revealing sensitive browser-based information. Organizations utilizing these affected products should adopt rigorous security measures to mitigate this risk.",Cisco,Cisco Secure Email and Web Manager,6.1,MEDIUM,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-20009,https://securityvulnerability.io/vulnerability/CVE-2023-20009,Privilege Escalation in Cisco Secure Email Gateway and Manager,"A vulnerability exists within the Web UI and administrative CLI of Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA). This security flaw enables both authenticated local and remote attackers to escalate their privileges, potentially gaining root access on the device. The issue arises from the mishandling of specially crafted SNMP configuration files. To exploit this vulnerability, an attacker must have valid user credentials with operational privileges. Once authenticated, the attacker can upload a malicious SNMP configuration file that could allow for the execution of commands as root, thereby compromising the device's integrity.",Cisco,"Cisco Secure Email,Cisco Secure Email and Web Manager",7.2,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2023-03-01T08:15:00.000Z,0
CVE-2022-20942,https://securityvulnerability.io/vulnerability/CVE-2022-20942,Weak Authorization in Cisco Email Security Appliance and Web Manager,"A vulnerability present in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance arises from weak enforcement of back-end authorization checks. This enables authenticated remote attackers to send specifically crafted HTTP requests to the affected devices, leading to potential retrieval of sensitive information, including user credentials. The exploitation of this vulnerability poses significant risks as confidential data on the affected devices may be accessed without adequate authorization.",Cisco,"Cisco Secure Web Appliance,Cisco Secure Email,Cisco Secure Email And Web Manager",6.5,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-08-03T03:15:48.000Z,,false,false,,2022-11-04T18:15:00.000Z,0
CVE-2022-20867,https://securityvulnerability.io/vulnerability/CVE-2022-20867,SQL Injection Vulnerability in Cisco Email Security Appliance,"A vulnerability in the web-based management interface of the Cisco Email Security Appliance could enable an authenticated remote attacker to execute SQL injection attacks with root-level access. This flaw arises from the improper validation of user-submitted parameters, permitting an attacker with high-privilege user credentials to issue malicious requests. By exploiting this vulnerability, an attacker could compromise sensitive data and alter stored information within the underlying database, posing significant security risks to affected systems.",Cisco,"Cisco Secure Email,Cisco Secure Email And Web Manager",5.4,MEDIUM,0.0008399999933317304,false,,false,false,true,2024-08-03T03:15:45.000Z,,false,false,,2022-11-04T18:15:00.000Z,0
CVE-2022-20868,https://securityvulnerability.io/vulnerability/CVE-2022-20868,Privilege Escalation Vulnerability in Cisco Email Security Appliance,"A vulnerability exists in the web-based management interface of Cisco’s Email Security Appliance, Secure Email and Web Manager, and Secure Web Appliance. This flaw allows an authenticated remote attacker to elevate their privileges by exploiting a hardcoded value utilized for encrypting tokens in certain API calls. By authenticating and sending a specially crafted HTTP request, the attacker can impersonate another legitimate user, executing commands with the authority of that user. This could pose significant risks, particularly in environments where access to sensitive information and functionalities is controlled through user privileges.",Cisco,"Cisco Secure Web Appliance,Cisco Secure Email,Cisco Secure Email And Web Manager",4.7,MEDIUM,0.005590000189840794,false,,false,false,true,2024-08-03T03:15:45.000Z,,false,false,,2022-11-04T18:15:00.000Z,0
CVE-2022-20772,https://securityvulnerability.io/vulnerability/CVE-2022-20772,HTTP Response Splitting Vulnerability in Cisco Email Security Appliances,"A vulnerability exists in Cisco Email Security Appliance and Cisco Secure Email and Web Manager that could allow an unauthenticated remote attacker to conduct an HTTP response splitting attack. This issue arises from the application’s failure to properly sanitize input values, making it possible for an attacker to inject malicious HTTP headers. By doing so, they can manipulate the response body or partition the response into multiple parts, leading to potential security breaches.",Cisco,"Cisco Secure Email,Cisco Secure Email And Web Manager",4.7,MEDIUM,0.0012100000167265534,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-11-04T18:15:00.000Z,0
CVE-2022-20651,https://securityvulnerability.io/vulnerability/CVE-2022-20651,Cisco Adaptive Security Device Manager Information Disclosure Vulnerability,"A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device.",Cisco,Cisco Adaptive Security Device Manager (asdm),5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-06-22T14:15:00.000Z,0
CVE-2022-20637,https://securityvulnerability.io/vulnerability/CVE-2022-20637,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20647,https://securityvulnerability.io/vulnerability/CVE-2022-20647,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20645,https://securityvulnerability.io/vulnerability/CVE-2022-20645,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20635,https://securityvulnerability.io/vulnerability/CVE-2022-20635,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:34.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20636,https://securityvulnerability.io/vulnerability/CVE-2022-20636,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:34.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20641,https://securityvulnerability.io/vulnerability/CVE-2022-20641,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20642,https://securityvulnerability.io/vulnerability/CVE-2022-20642,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20640,https://securityvulnerability.io/vulnerability/CVE-2022-20640,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20639,https://securityvulnerability.io/vulnerability/CVE-2022-20639,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20644,https://securityvulnerability.io/vulnerability/CVE-2022-20644,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20646,https://securityvulnerability.io/vulnerability/CVE-2022-20646,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-14T05:15:00.000Z,0
CVE-2022-20638,https://securityvulnerability.io/vulnerability/CVE-2022-20638,Cisco Security Manager Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",Cisco,Cisco Security Manager,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-13T00:00:00.000Z,0