Lucene search

CiscoCVE-2019-1831

HistoryApr 18, 2019 - 2:29 a.m.

CVE-2019-1831

2019-04-1802:29:05

CWE-20

cisco

web.nvd.nist.gov

vulnerability

email scanning

cisco

asyncos software

email security appliance

cve-2019-1831

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

40.3%

JSON

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.

Affected configurations

Nvd

Node

ciscoemail_security_applianceMatch11.1.2-023

ciscoemail_security_applianceMatch12.0.0-208

VendorProductVersionCPE
ciscoemail_security_appliance11.1.2-023cpe:2.3:a:cisco:email_security_appliance:11.1.2-023:*:*:*:*:*:*:*
ciscoemail_security_appliance12.0.0-208cpe:2.3:a:cisco:email_security_appliance:12.0.0-208:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	email_security_appliance	11.1.2-023	cpe:2.3:a:cisco:email_security_appliance:11.1.2-023:::::::*
cisco	email_security_appliance	12.0.0-208	cpe:2.3:a:cisco:email_security_appliance:12.0.0-208:::::::*

CNA Affected

[
  {
    "product": "Cisco Email Security Appliance (ESA)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.2-023"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108021

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-esa-filter-bypass

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

40.3%

JSON

Related for CVE-2019-1831