Cisco Content Security Management Appliance Filter Bypass Vulnerability
CVE-2020-3370

4MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Email Security Appliance (esa)
Vendor
CVE Published:
16 July 2020

Badges

๐Ÿ‘พ Exploit Exists

Summary

A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted, malicious HTTP request to an affected device. A successful exploit could allow the attacker to redirect users to malicious sites.

Affected Version(s)

Cisco Email Security Appliance (ESA)

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.