Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability

A vulnerability in the anti-spam scanner of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the anti-spam functionality of the ESA.

The vulnerability is due to improper handling of a malformed packet in the anti-spam scanner. An attacker could exploit this vulnerability by sending a crafted DNS Sender Policy Framework (SPF) text record. An exploit could allow the attacker to bypass the anti-spam scanner and generate a malformed packet alert.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit this vulnerability, the attacker must send a crafted DNS SPF text record to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.