Lucene search

K
ciscoCiscoCISCO-SA-ESA-BYPASS-5CDV2HMA
HistoryJan 22, 2020 - 4:00 p.m.

Cisco Email Security Appliance Content Filter Bypass Vulnerability

2020-01-2216:00:00
tools.cisco.com
5

0.001 Low

EPSS

Percentile

50.0%

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device.

The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass the configured content filters, which could allow malicious content to pass through the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-bypass-5Cdv2HMA [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-bypass-5Cdv2HMA”]

Affected configurations

Vulners
Node
ciscoironport_email_security_applianceMatchany
OR
ciscoironport_email_security_applianceMatchany

0.001 Low

EPSS

Percentile

50.0%

Related for CISCO-SA-ESA-BYPASS-5CDV2HMA