Bypass Vulnerability in Cisco Email Security Appliances
CVE-2017-3800

5.8 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 26 January 2017

Summary

A vulnerability in the content scanning engine of Cisco AsyncOS Software for Email Security Appliances allows an unauthenticated remote attacker to bypass configured message filters or content filters. The appliance is exposed when the software is set to apply message filters or content filters to incoming email attachments. The issue is not restricted to specific filtering rules or actions, so any such configuration is exposed. All releases before the first fixed version are affected and require immediate attention from those operating them.

Affected Version(s)

Cisco AsyncOS

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
