A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device.
The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
{"id": "CVE-2020-26082", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-26082", "description": "A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device.\r\n The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.", "published": "2023-08-04T21:15:00", "modified": "2023-08-09T20:38:00", "epss": [{"cve": "CVE-2020-26082", "epss": 0.00063, "percentile": 0.2495, "modified": "2023-08-17"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26082", "reporter": "psirt@cisco.com", "references": ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg"], "cvelist": ["CVE-2020-26082"], "immutableFields": [], "lastseen": "2023-08-17T20:23:33", "viewCount": 25, "enchantments": {"backreferences": {"references": [{"type": "nessus", "idList": ["CISCO-SA-ESA-ZIP-BYPASS-GBU4GTTG.NASL"]}]}, "score": {"value": 7.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-ESA-ZIP-BYPASS-GBU4GTTG"]}, {"type": "nessus", "idList": ["CISCO-SA-ESA-ZIP-BYPASS-GBU4GTTG.NASL"]}], "rev": 4}, "vulnersScore": 7.0}, "_state": {"dependencies": 1692303884, "score": 1692303879, "epss": 0}, "_internal": {"score_hash": "056eb979b32127ca290a00776c18061c"}, "cna_cvss": {"cna": "cisco", "cvss": {"3": {"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "score": 5.8}}}, "cpe": [], "cpe23": [], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "cisco:asyncos", "version": "13.5.2", "operator": "lt", "name": "cisco asyncos"}], "affectedConfiguration": [{"name": "cisco email security appliance c170", "cpeName": "cisco:email_security_appliance_c170", "version": "-", "operator": "eq"}, {"name": "cisco email security appliance c190", "cpeName": "cisco:email_security_appliance_c190", "version": "-", "operator": "eq"}, {"name": "cisco email security appliance c380", "cpeName": "cisco:email_security_appliance_c380", "version": "-", "operator": "eq"}, {"name": "cisco email security appliance c390", "cpeName": "cisco:email_security_appliance_c390", "version": "-", "operator": "eq"}, {"name": "cisco email security appliance c680", "cpeName": "cisco:email_security_appliance_c680", "version": "-", "operator": "eq"}, {"name": "cisco email security appliance c690", "cpeName": "cisco:email_security_appliance_c690", "version": "-", "operator": "eq"}, {"name": "cisco email security appliance c690x", "cpeName": "cisco:email_security_appliance_c690x", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:cisco:asyncos:13.5.2:*:*:*:*:*:*:*", "versionEndExcluding": "13.5.2", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:email_security_appliance_c170:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:email_security_appliance_c190:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:email_security_appliance_c380:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:email_security_appliance_c390:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:email_security_appliance_c680:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:email_security_appliance_c690:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:email_security_appliance_c690x:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg", "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg", "refsource": "MISC", "tags": ["Vendor Advisory"]}], "product_info": [{"vendor": "Cisco", "product": "Cisco Email Security Appliance (ESA)"}], "solutions": [], "workarounds": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impacts": [], "problemTypes": [], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "assigned": "2020-09-24T00:00:00"}
{"cisco": [{"lastseen": "2022-12-22T12:16:42", "description": "A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device.\n\nThe vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg\"]", "cvss3": {}, "published": "2020-11-04T16:00:00", "type": "cisco", "title": "Cisco Email Security Appliance Zip Content Filter Bypass Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-26082"], "modified": "2020-11-04T16:00:00", "id": "CISCO-SA-ESA-ZIP-BYPASS-GBU4GTTG", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg", "cvss": {"score": 5.8, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}}], "nessus": [{"lastseen": "2023-09-24T15:58:55", "description": "According to its self-reported version, Cisco Email Security Appliance (ESA) is affected by a vulnerability in the zip decompression engine due to improper handling of password-protected zip files. An unauthenticated, remote attacker can exploit this with a crafted zip file to bypass content filters.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-21T00:00:00", "type": "nessus", "title": "Cisco Email Security Appliance Zip Content Filter Bypass (cisco-sa-esa-zip-bypass-gbU4gtTg)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26082"], "modified": "2021-06-03T00:00:00", "cpe": ["cpe:/a:cisco:email_security_appliance"], "id": "CISCO-SA-ESA-ZIP-BYPASS-GBU4GTTG.NASL", "href": "https://www.tenable.com/plugins/nessus/149847", "sourceData": "#TRUSTED 5141635e3ba8cbf9672064ed331ef27f90909b89a776abce281c121a92c00ac3517fe6f5bf2627ce3dec71e97416eefa2347dfda4e13acea7619d3248c5d13da62b6ddaf3dacea042ec49752053f031e55923ed0a067da6d6b3a0c86f3bccea5fbeee6eef5395ae36a24b925d4c01cdde8c1d87cadeccf2d670ff1f723b1e7f5ef8bd8d4c1273b32f284a720f06576ad255359853a452c427c472b0e43e1fbca2e20bcb5681e5a9d5d15288ce0f912632e45e177afa2cdfcbe2d819dcd7872e8c5d1ecc66519baaaab68dd94eff3de19dec3336395b4375e5167ece647be6ed7c519f1c84db45d3b0808c0bcc330530f95a5da91e7da09d3fcff88515d99365bb4aa94121be51c183d0d6973f9a1ecc4b8f72b043b70a14c704af666723f8baafd89afd3b007a173cc4f288fc1acc70b10f426989154b8099ed59962a501e78203f1ca5922f10d31d25ddc22cccf391321df491f34fe901e0dbab3c18aea09d8f52a43d33fa30b0fe3db18f739b7d1e30b534e66b3740ab865e22daf8ad80e53583e15140310e0d710b44095ebacfab452153a261263dc06f65a498c25d79c11721d34a6865e973a6c12bb6b13e4246b5e839ed9f2dfec29adc97fc79cfffe36d285afb31fc3ff1c41cc312cec9f55643d18d567dbea61cd5828e7cc83ec230c59811db8b1cc5cbe5d6308a489fe9cf513270aead900bd8fdf16cca1d183a5d4\n#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149847);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2020-26082\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv38679\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-esa-zip-bypass-gbU4gtTg\");\n script_xref(name:\"IAVA\", value:\"2020-A-0447-S\");\n\n script_name(english:\"Cisco Email Security Appliance Zip Content Filter Bypass (cisco-sa-esa-zip-bypass-gbU4gtTg)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco Email Security Appliance (ESA) is affected by a vulnerability in the zip\ndecompression engine due to improper handling of password-protected zip files. An unauthenticated, remote attacker can\nexploit this with a crafted zip file to bypass content filters.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ab126d2d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv38679\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvv38679\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:email_security_appliance\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_esa_version.nasl\");\n script_require_keys(\"Host/AsyncOS/Cisco Email Security Appliance/Version\");\n\n exit(0);\n}\n\ninclude('ccf.inc');\n\nvar product_info = cisco::get_product_info(name:'Cisco Email Security Appliance (ESA)');\n\nvar vuln_ranges = [{ 'min_ver' : '0.0', 'fix_ver' : '13.5.2' }];\n\nvar reporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_WARNING,\n 'version' , product_info['version'],\n 'bug_id' , 'CSCvv38679',\n 'disable_caveat', TRUE\n);\n\ncisco::check_and_report(\n product_info:product_info,\n reporting:reporting,\n vuln_ranges:vuln_ranges\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}
CVE-2020-26082
