Lucene search

[email protected]NVD:CVE-2021-1534

HistoryOct 06, 2021 - 8:15 p.m.

CVE-2021-1534

2021-10-0620:15:07

CWE-20

[email protected]

web.nvd.nist.gov

cisco

email security

vulnerability

url reputation filters

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

48.0%

JSON

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

Affected configurations

Nvd

Node

ciscoasyncosRange<14.0.1

AND

ciscoemail_security_appliance_c170Match-

ciscoemail_security_appliance_c190Match-

ciscoemail_security_appliance_c380Match-

ciscoemail_security_appliance_c390Match-

ciscoemail_security_appliance_c680Match-

ciscoemail_security_appliance_c690Match-

ciscoemail_security_appliance_c690xMatch-

VendorProductVersionCPE
ciscoasyncos*cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
ciscoemail_security_appliance_c170-cpe:2.3:h:cisco:email_security_appliance_c170:-:*:*:*:*:*:*:*
ciscoemail_security_appliance_c190-cpe:2.3:h:cisco:email_security_appliance_c190:-:*:*:*:*:*:*:*
ciscoemail_security_appliance_c380-cpe:2.3:h:cisco:email_security_appliance_c380:-:*:*:*:*:*:*:*
ciscoemail_security_appliance_c390-cpe:2.3:h:cisco:email_security_appliance_c390:-:*:*:*:*:*:*:*
ciscoemail_security_appliance_c680-cpe:2.3:h:cisco:email_security_appliance_c680:-:*:*:*:*:*:*:*
ciscoemail_security_appliance_c690-cpe:2.3:h:cisco:email_security_appliance_c690:-:*:*:*:*:*:*:*
ciscoemail_security_appliance_c690x-cpe:2.3:h:cisco:email_security_appliance_c690x:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	asyncos	*	cpe:2.3:o:cisco:asyncos::::::::
cisco	email_security_appliance_c170	-	cpe:2.3:h:cisco:email_security_appliance_c170:-:::::::*
cisco	email_security_appliance_c190	-	cpe:2.3:h:cisco:email_security_appliance_c190:-:::::::*
cisco	email_security_appliance_c380	-	cpe:2.3:h:cisco:email_security_appliance_c380:-:::::::*
cisco	email_security_appliance_c390	-	cpe:2.3:h:cisco:email_security_appliance_c390:-:::::::*
cisco	email_security_appliance_c680	-	cpe:2.3:h:cisco:email_security_appliance_c680:-:::::::*
cisco	email_security_appliance_c690	-	cpe:2.3:h:cisco:email_security_appliance_c690:-:::::::*
cisco	email_security_appliance_c690x	-	cpe:2.3:h:cisco:email_security_appliance_c690x:-:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-sGcfsDrp

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

48.0%

JSON

Related for NVD:CVE-2021-1534

cve1 nessus1 prion1 cvelist1 cisco1