Remote Code Execution via Crafted HTTP Header in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) Devices

Remote Code Execution via Crafted HTTP Header in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) Devices

CVE-2015-0624 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

Learn more about our Cis Benchmark Audit For Cisco.