MIME Scanner Vulnerability in Cisco AsyncOS Software for Email Security and Web Security Appliances
CVE-2017-3827

5.8 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 22 February 2017

Summary

A vulnerability exists within the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software used in Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA). This flaw may be exploited by an unauthenticated, remote attacker to circumvent established user filters on the devices. It affects all versions released prior to the introduction of a fixed version of Cisco AsyncOS Software for both ESA and WSA appliances. Specifically, devices configured to inspect incoming email attachments or web access content are vulnerable. Recognized affected software releases include versions 10.0.0-203, 9.9.9-894, and WSA10.0.0-233.

Affected Version(s)

Cisco AsyncOS Software for Cisco ESA and Cisco WSA

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
