Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCiscoCVELIST:CVE-2017-12353
HistoryNov 30, 2017 - 9:00 a.m.

CVE-2017-12353

2017-11-3009:00:00
CWE-254
cisco
www.cve.org
5

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666.

CNA Affected

[
  {
    "product": "Cisco Email Security Appliance",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Email Security Appliance"
      }
    ]
  }
]

Related

prion 1
cisco 1
nvd 1
cve 1
nessus 1
prion
prion
Input validation
2017-11-30 09:29:00
cisco
cisco
Cisco Email Security Appliance Header Bypass Vulnerability
2017-11-29 16:00:00
nvd
nvd
CVE-2017-12353
2017-11-30 09:29:01
cve
cve
CVE-2017-12353
2017-11-30 09:29:01
nessus
nessus
Cisco Email Security Appliance Filter Bypass Vulnerability
2017-12-14 00:00:00

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON
Related for CVELIST:CVE-2017-12353
prion1cisco1nvd1cve1nessus1