3 matches found
Cisco Email Security Appliance Header Injection Vulnerability
According to its self-reported version, Cisco Email Security Appliance ESA is affected by a security bypass vulnerability. A flaw exists with the Sender Policy Framework SPF due to improper validation of SPF messages. An unauthenticated, remote attacker can exploit this, via a specially crafted S...
CVE-2019-1955
A vulnerability in the Sender Policy Framework SPF functionality of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking...
CVE-2019-1955
Cisco AsyncOS (ESA) SPF handling vulnerability (CVE-2019-1955) allows an unauthenticated, remote attacker to bypass header filters by sending specially crafted SPF packets. Root cause is incomplete input/validation for SPF messages. Affected product: Cisco Email Security Appliance with AsyncOS; c...