Zip Decompression Vulnerability in Cisco Email Security Appliance
CVE-2020-26082
5.8MEDIUM
What is CVE-2020-26082?
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance allows attackers to bypass email content filters. This issue arises from improper handling of password-protected zip files. By sending a malicious file in a specially crafted zip-compressed package, an unauthenticated, remote attacker can exploit this flaw, enabling them to evade security measures that would typically block harmful emails.
Affected Version(s)
Cisco Secure Email