Cisco Secure Email Gateway

Recent Cisco Secure Email Gateway Security Advisories

| Date | Advisory Title | Published |
|---|---|---|
| 2025-12-17 | Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager | December 17, 2025 |
| 2025-02-20 | Cisco Secure Email Gateway Email Filter Bypass Vulnerability | February 20, 2025 |
| 2025-02-06 | Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities | February 6, 2025 |
| 2025-02-06 | Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability | February 6, 2025 |
| 2025-02-06 | Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability | February 6, 2025 |
| 2024-11-07 | Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerability | November 7, 2024 |
| 2024-07-17 | Cisco Secure Email Gateway Server-Side Template Injection Vulnerability | July 17, 2024 |
| 2024-07-17 | Cisco Secure Email Gateway Arbitrary File Write Vulnerability | July 17, 2024 |
| 2024-05-15 | Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities | May 15, 2024 |
| 2024-05-15 | Cisco Secure Email Gateway HTTP Response Splitting Vulnerability | May 15, 2024 |

By the Year

In 2026 there have been 0 vulnerabilities in Cisco Secure Email Gateway. Last year, in 2025, Secure Email Gateway had 1 security vulnerability published. Right now, Secure Email Gateway is on track to have fewer security vulnerabilities in 2026 than it did last year.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 5.30 |
| 2024 | 2 | 0.00 |
| 2023 | 4 | 6.08 |

It may take a day or so for new Secure Email Gateway vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Cisco Secure Email Gateway Security Vulnerabilities

Cisco Secure Email Gateway: Email Filter Bypass via Crafted Email
CVE-2025-20153 5.3 - Medium - February 19, 2025

A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device.

Authorization

Cisco Secure Email Gateway: File Overwrite via Email Attachment CVE-2024-20401
CVE-2024-20401 - July 17, 2024

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.

Unauthenticated XSS via Web UI in Cisco AsyncOS Email Gateway
CVE-2024-20258 - May 15, 2024

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

XSS in Cisco AsyncOS Web Mgmt Interface (CVE-2023-20120)
CVE-2023-20120 6.1 - Medium - June 28, 2023

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

XSS

Cisco AsyncOS XSS via Web Management Interface
CVE-2023-20119 6.1 - Medium - June 28, 2023

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA), could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

XSS

Multiple XSS in Cisco AsyncOS Web Management Interface
CVE-2023-20028 5.4 - Medium - June 28, 2023

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

XSS

CVE-2023-20075: Cisco Secure Email Gateway CLI Command Injection
CVE-2023-20075 6.7 - Medium - March 01, 2023

A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials.

Shell injection
