CVE-2025-20393
Published Dec 17, 2025
Last updated 23 days ago
AI description
CVE-2025-20393 is an improper input validation vulnerability that affects Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected appliance. Specifically, the vulnerability is triggered when the Spam Quarantine feature is exposed to the internet. Attackers have been observed exploiting this vulnerability in the wild to install backdoors (like AquaShell and AquaTunnel) and tools for log manipulation (like AquaPurge) and traffic proxying (Chisel). CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog.
- Description
- A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- asyncos
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Cisco Multiple Products Improper Input Validation Vulnerability
- Exploit added on
- Dec 17, 2025
- Exploit action due
- Dec 24, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- psirt@cisco.com
- CWE-20
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
8
Ever wondered what happens when you pickle a mailbox? 🥒📬 (No, it’s not a recipe, it’s a vulnerability.) Our team breaks down CVE-2025-20393 in a new deep dive post covering root cause, internals & exploitation details https://t.co/VLx4amr7J9 Written by @CurseRed &am
@starlabs_sg
5 Feb 2026
4238 Impressions
23 Retweets
67 Likes
33 Bookmarks
0 Replies
1 Quote
Cisco has released a patch for a critical zero-day vulnerability (CVE-2025-20393) actively exploited since November 2025 in Cisco SEG and SEWM appliances. This reinforces the need for secure configurations, timely patching and continuous monitoring. https://t.co/g1plLUKV26
@astasolutions
26 Jan 2026
84 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
”「Cisco Secure Email Gateway」および「Cisco Secure Email and Web Manager」のスパム隔離機能に確認された脆弱性” Cisco Systemsのメールセキュリティ製品にゼロデイ脆弱性「CVE-2025-20393」が見つかった問題で、脆弱性を修
@zubora_engineer
22 Jan 2026
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Secure Email Gatewayの脆弱性対策について(CVE-2025-20393) #IPA (Jan 19) https://t.co/WzC8mhxmj7
@foxbook
19 Jan 2026
274 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Cisco Secure Email Gateway RCE (CVE-2025-20393): final fixes and guidance — https://t.co/q2KRSJCdIA
@InfosecDotWatch
19 Jan 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
シスコ、メールセキュリティ製品の脆弱性 CVE-2025-20393を修正-TOKAIコミュニケーションズのゼロデイ攻撃に悪用 https://t.co/8SSGWC4nFE
@cloudsec_news
19 Jan 2026
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
情報セキュリティ Cisco Secure Email Gatewayの脆弱性対策について(CVE-2025-20393) - 独立行政法人情報処理推進機構(IPA) https://t.co/56nMLPIEBw
@kawn2020
19 Jan 2026
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Secure Email Gatewayの脆弱性対策について(CVE-2025-20393) https://t.co/jggiB6wLdS
@ICATalerts
19 Jan 2026
3258 Impressions
4 Retweets
7 Likes
1 Bookmark
0 Replies
2 Quotes
Cisco Secure Email Gatewayの脆弱性対策について(CVE-2025-20393) | 情報セキュリティ | IPA 独立行政法人 情報処理推進機構 https://t.co/Dc5zQYGrbC
@ohhara_shiojiri
19 Jan 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
IPA 重要 | Cisco Secure Email Gatewayの脆弱性対策について(CVE-2025-20393) https://t.co/Y8qFCc6JBb #itsec_jp
@itsec_jp
19 Jan 2026
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cisco AsyncOS CVE-2025-20393 Security Advisory [Critical] Jan 19, 2026 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #Innovation #LLM #CyberSecurityWarning https://t.co/IAXd6Qtrvq
@transilienceai
19 Jan 2026
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New Scanner Alert! 🚨 Quickly check for exposure to CVE-2025-20393 in Cisco AsyncOS Email Security Appliances. This tool scans for open ports, responsive interfaces, & known IOCs. #cybersecurity #CVE #infosec #exploit #scanner #cisco https://t.co/XQg1v30ag6
@TheExploitLab
19 Jan 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20393: patch now Read More: https://t.co/tyn8wniXam #Infosec #RCE #ThreatIntel #PatchNow
@true_redfence
19 Jan 2026
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
”本脆弱性はTOKAIコミュニケーションズのゼロデイ攻撃に悪用され高い危険度があるため、対象者は更新する事をお勧めします” #シスコシステムズ シスコ、メールセキュリティ製品の脆弱性 CVE-2025-20393を
@zubora_engineer
19 Jan 2026
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco、ゼロデイ攻撃で悪用されたAsyncOSの脆弱性(CVE-2025-20393)を修正 Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) #HelpNetSecurity (Jan 16) https://t.co/92jU6QJYOU
@foxbook
18 Jan 2026
380 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
シスコ、メールセキュリティ製品の脆弱性 CVE-2025-20393を修正-TOKAIコミュニケーションズのゼロデイ攻撃に悪用 https://t.co/8uqIgaYXfj #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
@securityLab_jp
18 Jan 2026
145 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20393 AsyncOS zero-day (root RCE) exploited since Nov 2025 by China-linked APT. Hits SEG/SEWM with Spam Quarantine exposed. Update to latest AsyncOS now—reboot required. #CyberSec #ZeroDay https://t.co/1Aa84a8ZNf
@exc_actual
18 Jan 2026
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨ด่วน Cisco ประกาศออกแพตช์แก้ไขช่องโหว่ Zero-Day ช่องโหว่ CVE-2025-20393 ซึ่งมีระดับความรุนแรงสูงสุด (CVSS 10.0) ในผลิตภัณ
@ThaiCERTByNCSA
18 Jan 2026
54 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨ด่วน Cisco ประกาศออกแพตช์แก้ไขช่องโหว่ Zero-Day ช่องโหว่ CVE-2025-20393 ซึ่งมีระดับความรุนแรงสูงสุด (CVSS 10.0) ในผลิตภัณ
@ThaiCERTByNCSA
18 Jan 2026
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) - Help Net Security https://t.co/ya94sOCPUb
@PVynckier
18 Jan 2026
99 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2023-20198 2 - CVE-2025-32711 3 - CVE-2025-20393 4 - CVE-2025-61728 5 - CVE-2026-22812 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 Jan 2026
136 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco patched CVE-2025-20393. I found out from Twitter before the internal security Slack channel. Which makes sense because our internal security Slack channel is mostly used for posting pictures of suspicious USB drives found in the parking lot.
@gothburz
18 Jan 2026
3287 Impressions
1 Retweet
49 Likes
4 Bookmarks
2 Replies
0 Quotes
Cisco patches a critical AsyncOS zero-day (CVE-2025-20393) exploited since Nov 2025, used by Chinese group UAT-9686 to run remote commands with root access on Secure Email Gateway and Web Manager. #CiscoFix #ZeroDay #China https://t.co/YyZQSNXcow
@TweetThreatNews
17 Jan 2026
151 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical #ZeroDay alert: Cisco's Secure Email Gateway hit by CVE-2025-20393, allowing unauthenticated RCE. Immediate patching required! Link: https://t.co/SYs1q9Naxy #Security #Vulnerability #Patch #Exploit #Network #Threat #Attack #Breach #Malware #Alert #Protection #Risk https:
@dailytechonx
17 Jan 2026
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ثغرة في Cisco AsyncOS تم استغلالها في هجمات Zero-day Cisco أصدرت تحديثات أمنية لمعالجة ثغرة CVE-2025-20393 في أنظمة Email Security Gateway و Secure Email and Web Manager. الثغرة كانت مستغلة في ه
@MisbarSec
17 Jan 2026
98 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco has released a patch for a critical zero-day vulnerability, CVE-2025-20393, in its Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) products. The flaw, which allows remote attackers to gain root access via a crafted HTTP request to the Spam Quarantine
@ox0ffff
17 Jan 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco patches a critical AsyncOS zero-day (CVE-2025-20393) that was actively exploited since Nov 2025. If you run Cisco gear, check for updates now and reboot after patching to close the gap. Don’t wait for the next surge in attacks. Read more: https://t.co/jTMV4THtZn
@StrongKeepCyber
17 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco patches a critical zero-day RCE (CVE-2025-20393) in Secure Email Gateways that was exploited by a China-linked APT—update now! https://t.co/qVzcqj14LA
@sctocs25
17 Jan 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐕𝐄 𝐛𝐫𝐞𝐚𝐤𝐝𝐨𝐰𝐧 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞 𝐧𝐨𝐰! China-linked APT exploits CVE-2025-20393 in Cisco email gateways. Learn how to detect, patch, and defend against this active zero-day threat. 📖 C
@PurpleOps_io
17 Jan 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco said it fixed a critical AsyncOS flaw (CVE-2025-20393, CVSS 10) exploited by the China-linked UAT-9686 on exposed Secure Email Gateway/Web Manager appliances via Spam Quarantine, which allowed root commands and persistence via AquaShell. https://t.co/Ljjw3EgQBb
@Cyber_O51NT
17 Jan 2026
474 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
Cisco has released critical security updates for its Email Security Gateway and Secure Email and Web Manager devices to address CVE-2025-20393, a zero-day vulnerability in AsyncOS exploited by suspected Chinese threat actors since late November 2025. The flaw, disclosed by Cisco
@ox0ffff
17 Jan 2026
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
An active exploitation of a critical unauthenticated RCE (CVE-2025-20393) in the Spam Quarantine component enables attackers to execute arbitrary commands as root and install persistent backdoors.
@LandscapeThreat
16 Jan 2026
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cisco Patches Critical 10.0 AsyncOS Zero-Day Exploited by China-Linked APT (CVE-2025-20393) Cisco released fixes for CVE-2025-20393 (CVSS 10.0), an actively exploited AsyncOS zero-day that enables unauthenticated remote command execution as root on Secure Email Gateway /
@ThreatSynop
16 Jan 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco has patched a Cisco AsyncOS zero-day tracked as CVE-2025-20393 - a serious issue that could allow root-level RCE under the right conditions. If you run Cisco email/web security appliances: - Patch ASAP (validate AsyncOS build versions) - Review admin access + exposed
@Anavem_
16 Jan 2026
569 Impressions
3 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco, Kasım 2025'ten beri aktif şekilde istismar edilen kritik bir güvenlik açığını kapattı. CVE-2025-20393 olarak kayıtlı bu zafiyet, özellikle Secure Email Gateway ve Secure Email and Web Manager cihazlarını hedef alıyordu ve Çin bağlantılı siber saldırganl
@maktechhub2025
16 Jan 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco has addressed a critical vulnerability in its AsyncOS software, tracked as CVE-2025-20393, which was exploited as a zero-day by the China-linked APT group UAT-9686. The flaw, rated with a maximum CVSS score of 10.0, impacted Cisco’s Secure Email Gateway and Email and Web
@ox0ffff
16 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Zero-Day (CVE-2026-2005)CVE-2025-20393 Exploited by Advanced Actors to Hijack Secure Email Gateways Read the full report on - https://t.co/ARquFLafqI https://t.co/Q2rWwNQu4u
@cyberbivash
16 Jan 2026
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) https://t.co/jdT9jqete4 #HelpNetSecurity #Cybersecurity https://t.co/tNgVnsSMxu
@PoseidonTPA
16 Jan 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cisco Patches AsyncOS Zero-Day (CVE-2025-20393) Used to Gain Root on Email Security Appliances Cisco released fixes for CVE-2025-20393, an actively exploited AsyncOS flaw in the Spam Quarantine feature that enables unauthenticated attackers to run arbitrary commands as root
@ThreatSynop
16 Jan 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco released fixes for a maximum-severity zero-day remote code execution flaw (CVE-2025-20393) in AsyncOS for its Secure Email Gateway and Web Manager after attacks by a China-linked APT. 📌 Full story: https://t.co/Yh9YiQBV6I Source: The Hacker News
@NovaSignal
16 Jan 2026
81 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ACTIVE ZERO-DAY EXPLOITATION Cisco Secure Email Gateway vulnerable to CVE-2025-20393. 🔓 Unauthenticated network access 💥 Remote Code Execution (RCE) 👑 Root-level compromise 🎯 Confirmed exploitation in the wild Patch now or assume full device takeover. Source:
@HackingRabbitS
16 Jan 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20393 Cisco: falha zero-day crítica no AsyncOS é corrigida https://t.co/alzpAUGW6d
@SempreUpdate
16 Jan 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In this episode of IT SPARC Cast - CVE of the Week, @john_Video and @loudoggeek break down CVE-2025-20393, a CVSS 10.0 zero-day vulnerability affecting Cisco Secure Email Gateway (SEG) and related AsyncOS-based email security products. The flaw is actively exploited in the wild,
@ITSPARCCast
16 Jan 2026
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
In this episode of IT SPARC Cast - CVE of the Week, @john_Video and @loudoggeek break down CVE-2025-20393, a CVSS 10.0 zero-day vulnerability affecting Cisco Secure Email Gateway (SEG) and related AsyncOS-based email security products. The flaw is actively exploited in the wild,
@ITSPARCCast
16 Jan 2026
72 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
In this episode of IT SPARC Cast - CVE of the Week, @john_Video and @loudoggeek break down CVE-2025-20393, a CVSS 10.0 zero-day vulnerability affecting Cisco Secure Email Gateway (SEG) and related AsyncOS-based email security products. The flaw is actively exploited in the wild,
@ITSPARCCast
16 Jan 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In this episode of IT SPARC Cast - CVE of the Week, @john_Video and @loudoggeek break down CVE-2025-20393, a CVSS 10.0 zero-day vulnerability affecting Cisco Secure Email Gateway (SEG) and related AsyncOS-based email security products. The flaw is actively exploited in the wild,
@ITSPARCCast
16 Jan 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In this episode of IT SPARC Cast - CVE of the Week, @john_Video and @loudoggeek break down CVE-2025-20393, a CVSS 10.0 zero-day vulnerability affecting Cisco Secure Email Gateway (SEG) and related AsyncOS-based email security products. The flaw is actively exploited in the wild,
@ITSPARCCast
16 Jan 2026
103 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
In this episode of IT SPARC Cast - CVE of the Week, @john_Video and @loudoggeek break down CVE-2025-20393, a CVSS 10.0 zero-day vulnerability affecting Cisco Secure Email Gateway (SEG) and related AsyncOS-based email security products. The flaw is actively exploited in the wild,
@ITSPARCCast
16 Jan 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393): Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the… https://t.co/uDKsBSat9a https:
@shah_sheikh
16 Jan 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cisco Secure Email Gateway Zero-Day RCE Exploited in Active Attacks (CVE-2025-20393) Cisco confirmed active exploitation of CVE-2025-20393 (CVSS 10.0) in AsyncOS Spam Quarantine, allowing unauthenticated attackers to execute root-level commands on exposed Secure Email Gatewa
@ThreatSynop
16 Jan 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7005EE5-0976-4E88-933F-C451D196C057",
"versionEndExcluding": "15.0.5-016"
},
{
"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81772A3F-141D-4C3D-8094-1BD359D07C4A",
"versionEndExcluding": "15.5.4-012",
"versionStartIncluding": "15.5"
},
{
"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32FF4E02-3750-4654-BD48-126133B33E6A",
"versionEndExcluding": "16.0.4-016",
"versionStartIncluding": "16.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c100v:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5B6FBC8A-8187-4903-B786-6CF341C142B5"
},
{
"criteria": "cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c300v:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "68864429-9730-43E9-96C3-20B9035BB291"
},
{
"criteria": "cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c600v:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B52D8B2B-E9AE-4B02-87BD-9CF9FA95906A"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_gateway_c195:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7B1322B8-1CF9-4B17-9A58-38788051ED4F"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_gateway_c395:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "139A640B-1957-4953-AA88-9D373A5152D1"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_gateway_c695:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F08EA2AD-618B-4834-A52D-73F6A4502DF1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6893AE30-31DE-42CB-A463-E3DE22977107",
"versionEndExcluding": "15.0.2-007"
},
{
"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12017942-B997-4FB1-B7FF-504EA72AC705",
"versionEndExcluding": "15.5.4-007",
"versionStartIncluding": "15.5"
},
{
"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F29F71EF-ED63-4DB2-A8BA-EB1E1A3BFF09",
"versionEndExcluding": "16.0.4-010",
"versionStartIncluding": "16.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m100v:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0C9613A5-B198-4AD2-BC74-F21ABAF79174"
},
{
"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m300v:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "57831FD6-1CF3-4ABE-81BA-2576418F9083"
},
{
"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m600v:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "67E804AE-4743-44AD-A364-504B0AB0D9BF"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3057023B-AD68-4953-A780-75EA416A7B94"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B87164B6-4717-4968-86F7-C62EB677FC50"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "10BD81D0-D81A-4361-B4E8-D674732A2A33"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D28903F8-3C4D-4337-9721-CEC108A7E2D5"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "84ACD394-2E45-4E8E-A342-AC57935C7038"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6112D56B-B68B-40B0-8EB9-3315533110C7"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8A1198BC-C934-4C26-887D-D599E8128FD3"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "10374BA0-E7DD-4930-8C58-251F98B75A11"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CD265B49-C691-44B3-A505-DC704E80313C"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E37CFC3A-1752-4C66-BD32-CFFA46C3E6AD"
},
{
"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "830693AC-A737-43B9-BBB4-E3A1C950C47F"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]