Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability

2016-10-26T16:00:00
ID CISCO-SA-20161026-ESAWSA2
Type cisco
Reporter Cisco
Modified 2016-10-31T14:16:34

Description

A vulnerability in the email filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed.

The vulnerability is due to improper error handling when malformed MIME headers are present in the email attachment. An attacker could exploit this vulnerability by sending an email with a crafted attachment encoded with MIME. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering or WSA service scanning content for web access.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2"]