Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

secure_email_gateway_virtual_appliance_c100v

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

7
Related CVEsRelated VendorsRelated AssignersReports
7Vulnerabilities found
CVE-2025-20184
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.91%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:14
Updated-08 Aug, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager and Secure Web Appliance Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials. This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_web_appliance_virtual_s1000vsecure_email_gateway_virtual_appliance_c300vsecure_email_gateway_virtual_appliance_c600vsecure_email_gateway_c395secure_web_appliance_s396secure_web_appliance_virtual_s100vsecure_web_appliance_virtual_s300vsecure_email_gateway_c695secure_email_gateway_c195secure_web_appliance_s196secure_web_appliance_virtual_s600vsecure_web_appliance_s696asyncossecure_email_gateway_virtual_appliance_c100vCisco Secure EmailCisco Secure Web Appliance
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-20180
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 12.58%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:14
Updated-15 Aug, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Operator.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manager_m395secure_email_gateway_virtual_appliance_c100vsecure_email_gateway_virtual_appliance_c300vsecure_email_and_web_manager_m380secure_email_gateway_virtual_appliance_c600vsecure_email_and_web_manager_m170secure_email_and_web_manager_m390xsecure_email_and_web_manager_m690xsecure_email_and_web_manager_m690secure_email_and_web_manager_virtual_appliance_m300vsecure_email_gateway_c395secure_email_and_web_manager_virtual_appliance_m600vsecure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m695secure_email_and_web_manager_m195secure_email_and_web_manager_m680secure_email_and_web_manager_m390secure_email_gateway_c195secure_email_and_web_manager_m190secure_email_gateway_c695asyncosCisco Secure EmailCisco Secure Email and Web Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20504
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.81%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 16:29
Updated-07 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerabilities

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_web_appliance_virtual_s1000vsecure_email_gateway_c695secure_web_appliance_virtual_s600vsecure_email_and_web_manager_m690secure_email_gateway_virtual_appliance_c600vsecure_email_and_web_manager_m390secure_email_and_web_manager_m195secure_email_and_web_manager_m395secure_web_appliance_s196secure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m390xsecure_email_gateway_c395secure_email_and_web_manager_m695secure_web_appliance_virtual_s100vsecure_email_gateway_c195secure_email_and_web_manager_m690xsecure_email_and_web_manager_m170secure_web_appliance_virtual_s300vsecure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_virtual_appliance_m600vsecure_web_appliance_s396secure_email_and_web_manager_m190asyncossecure_email_and_web_manager_m680secure_email_and_web_manager_m380secure_web_appliance_s696secure_email_gateway_virtual_appliance_c100vsecure_email_gateway_virtual_appliance_c300vCisco Secure Web ApplianceCisco Secure Email and Web ManagerCisco Secure Email
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-20429
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.14%
||
7 Day CHG+0.04%
Published-17 Jul, 2024 | 16:29
Updated-08 Aug, 2025 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To successfully exploit this vulnerability, an attacker would need at least valid Operator credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_gateway_c695secure_email_gateway_virtual_appliance_c600vsecure_email_gateway_c195asyncossecure_email_gateway_c395secure_email_gateway_virtual_appliance_c100vsecure_email_gateway_virtual_appliance_c300vCisco Secure Emailsecure_email
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-20257
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.09% / 26.79%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 17:58
Updated-06 Aug, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_gateway_c395secure_email_gateway_virtual_appliance_c300vsecure_email_gateway_virtual_appliance_c600vsecure_email_gateway_c195secure_email_gateway_virtual_appliance_c100vasyncossecure_email_gateway_c695Cisco Secure Email
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20258
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 33.21%
||
7 Day CHG-0.04%
Published-15 May, 2024 | 17:32
Updated-31 Jul, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_gateway_c690xsecure_email_and_web_manager_m690xsecure_email_gateway_c390secure_email_and_web_manager_m195secure_email_gateway_virtual_appliance_c300vsecure_email_gateway_c690secure_email_and_web_manager_virtual_appliance_m600vsecure_email_gateway_c195secure_email_and_web_manager_m680secure_email_gateway_virtual_appliance_c600vsecure_email_and_web_manager_m690asyncossecure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m695secure_email_and_web_manager_m380secure_email_and_web_manager_m190secure_email_gateway_virtual_appliance_c100vsecure_email_and_web_manager_m390secure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_m395secure_email_and_web_manager_m390xsecure_email_and_web_manager_m170secure_email_gateway_c190secure_email_gateway_c395secure_email_gateway_c695Cisco Secure Email and Web ManagerCisco Secure Emailsecure_emailsecure_email_and_web_manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20392
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 39.13%
||
7 Day CHG-0.05%
Published-15 May, 2024 | 17:22
Updated-06 Aug, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to the web-based management API of the affected system. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to perform cross-site scripting (XSS) attacks, resulting in the execution of arbitrary script code in the browser of the targeted user, or could allow the attacker to access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_gateway_c395secure_email_gateway_virtual_appliance_c300vsecure_email_gateway_virtual_appliance_c600vsecure_email_gateway_c195secure_email_gateway_virtual_appliance_c100vasyncossecure_email_gateway_c695Cisco Secure Email
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')