Cisco AsyncOS 14.3.0-023

CPE Details

Cisco AsyncOS 14.3.0-023
cisco
asyncos
14.3.0-023
2022-11-07
17h11 +00:00
2022-11-14
13h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:cisco:asyncos:14.3.0-023:*:*:*:*:*:*:*

Informations

Vendor

cisco

Product

asyncos

Version

14.3.0-023

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-20942 2022-11-03 19h30 +00:00 A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device.
6.5
Medium
CVE-2022-20781 2022-04-06 18h12 +00:00 A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.
5.4
Medium