Lucene search
CiscoCVE-2014-3381HistoryOct 19, 2014 - 1:55 a.m.
CVE-2014-3381
2014-10-1901:55:13
CWE-264
cisco
web.nvd.nist.gov
33
cisco
email security appliance
zip inspection
vulnerability
cve-2014-3381
nvd
bug id cscup07934
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.002
Percentile
58.8%
The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.
Affected configurations
Node
ciscoasyncosRange≤8.5
Related
nessus
nessus
Cisco Email Security Appliance ZIP File Filter Bypass
2014-10-30 00:00:00
prion
prion
Authentication flaw
2014-10-19 01:55:00
nvd
nvd
CVE-2014-3381
2014-10-19 01:55:13
cisco
cisco
Cisco AsyncOS Software ZIP Filtering Bypass Vulnerability
2014-10-14 16:13:59
cvelist
cvelist
CVE-2014-3381
2014-10-19 01:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.002
Percentile
58.8%
Related for CVE-2014-3381