Lucene search
HistoryOct 19, 2014 - 1:55 a.m.
CVE-2014-3381
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
58.8%
The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.
Affected configurations
Node
ciscoasyncosRange≤8.5
Related
cisco
cisco
Cisco AsyncOS Software ZIP Filtering Bypass Vulnerability
2014-10-14 16:13:59
cvelist
cvelist
CVE-2014-3381
2014-10-19 01:00:00
nessus
nessus
Cisco Email Security Appliance ZIP File Filter Bypass
2014-10-30 00:00:00
prion
prion
Authentication flaw
2014-10-19 01:55:00
cve
cve
CVE-2014-3381
2014-10-19 01:55:13
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
58.8%
Related for NVD:CVE-2014-3381