Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability

2016-11-16T16:00:00
ID CISCO-SA-20161116-ESA2
Type cisco
Reporter Cisco
Modified 2016-11-09T18:46:30

Description

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.

The vulnerability is due to improper error handling when malformed Multipurpose Internet Mail Extensions (MIME) headers are present in an email attachment that is sent through an affected device. An attacker could exploit this vulnerability by sending an email message that has a crafted, MIME-encoded file attachment through an affected device. A successful exploit could allow the attacker to bypass AMP filter configurations for the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2"]