Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

secure_email_and_web_manager_virtual_appliance_m600v

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

6
Related CVEsRelated VendorsRelated AssignersReports
6Vulnerabilities found
CVE-2025-20185
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-3.4||LOW
EPSS-0.02% / 2.83%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:14
Updated-06 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_m390secure_email_and_web_manager_m690secure_email_and_web_manager_virtual_appliance_m600vsecure_email_and_web_manager_m190secure_email_and_web_manager_m390xsecure_email_and_web_manager_m690xsecure_email_and_web_manager_m170secure_email_and_web_manager_m395secure_email_and_web_manager_m680secure_email_and_web_manager_m195asyncossecure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m380secure_email_and_web_manager_m695Cisco Secure EmailCisco Secure Web ApplianceCisco Secure Email and Web Manager
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-20180
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 12.58%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:14
Updated-15 Aug, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Operator.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manager_m395secure_email_gateway_virtual_appliance_c100vsecure_email_gateway_virtual_appliance_c300vsecure_email_and_web_manager_m380secure_email_gateway_virtual_appliance_c600vsecure_email_and_web_manager_m170secure_email_and_web_manager_m390xsecure_email_and_web_manager_m690xsecure_email_and_web_manager_m690secure_email_and_web_manager_virtual_appliance_m300vsecure_email_gateway_c395secure_email_and_web_manager_virtual_appliance_m600vsecure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m695secure_email_and_web_manager_m195secure_email_and_web_manager_m680secure_email_and_web_manager_m390secure_email_gateway_c195secure_email_and_web_manager_m190secure_email_gateway_c695asyncosCisco Secure EmailCisco Secure Email and Web Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20504
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.81%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 16:29
Updated-07 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerabilities

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_web_appliance_virtual_s1000vsecure_email_gateway_c695secure_web_appliance_virtual_s600vsecure_email_and_web_manager_m690secure_email_gateway_virtual_appliance_c600vsecure_email_and_web_manager_m390secure_email_and_web_manager_m195secure_email_and_web_manager_m395secure_web_appliance_s196secure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m390xsecure_email_gateway_c395secure_email_and_web_manager_m695secure_web_appliance_virtual_s100vsecure_email_gateway_c195secure_email_and_web_manager_m690xsecure_email_and_web_manager_m170secure_web_appliance_virtual_s300vsecure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_virtual_appliance_m600vsecure_web_appliance_s396secure_email_and_web_manager_m190asyncossecure_email_and_web_manager_m680secure_email_and_web_manager_m380secure_web_appliance_s696secure_email_gateway_virtual_appliance_c100vsecure_email_gateway_virtual_appliance_c300vCisco Secure Web ApplianceCisco Secure Email and Web ManagerCisco Secure Email
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-20383
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.10% / 28.55%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 17:59
Updated-08 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manager_m195secure_email_and_web_manager_m380secure_email_and_web_manager_m390secure_email_and_web_manager_m390xsecure_email_and_web_manager_m680secure_email_and_web_manager_m170secure_email_and_web_manager_m395secure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_m690secure_email_and_web_manager_m695secure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_virtual_appliance_m600vsecure_email_and_web_manager_m190secure_email_and_web_manager_m690xasyncosCisco Secure Email and Web Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20256
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.09% / 26.79%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 17:56
Updated-07 Aug, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_web_appliance_virtual_s1000vsecure_web_appliance_virtual_s600vsecure_email_and_web_manager_m690secure_email_and_web_manager_m390secure_email_and_web_manager_m195secure_email_and_web_manager_m395secure_web_appliance_s196secure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m390xsecure_email_and_web_manager_m695secure_web_appliance_virtual_s100vsecure_email_and_web_manager_m690xsecure_web_appliance_virtual_s300vsecure_email_and_web_manager_m170secure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_virtual_appliance_m600vsecure_web_appliance_s396secure_email_and_web_manager_m190asyncossecure_email_and_web_manager_m680secure_email_and_web_manager_m380secure_web_appliance_s696Cisco Secure Web ApplianceCisco Secure Email and Web Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20258
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 33.21%
||
7 Day CHG-0.04%
Published-15 May, 2024 | 17:32
Updated-31 Jul, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_gateway_c690xsecure_email_and_web_manager_m690xsecure_email_gateway_c390secure_email_and_web_manager_m195secure_email_gateway_virtual_appliance_c300vsecure_email_gateway_c690secure_email_and_web_manager_virtual_appliance_m600vsecure_email_gateway_c195secure_email_and_web_manager_m680secure_email_gateway_virtual_appliance_c600vsecure_email_and_web_manager_m690asyncossecure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m695secure_email_and_web_manager_m380secure_email_and_web_manager_m190secure_email_gateway_virtual_appliance_c100vsecure_email_and_web_manager_m390secure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_m395secure_email_and_web_manager_m390xsecure_email_and_web_manager_m170secure_email_gateway_c190secure_email_gateway_c395secure_email_gateway_c695Cisco Secure Email and Web ManagerCisco Secure Emailsecure_emailsecure_email_and_web_manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')