Lucene search

CiscoCVELIST:CVE-2019-1831

HistoryApr 18, 2019 - 1:20 a.m.

CVE-2019-1831 Cisco Email Security Appliance Content Filter Bypass Vulnerability

2019-04-1801:20:26

CWE-20

cisco

www.cve.org

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

40.3%

JSON

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.

CNA Affected

[
  {
    "product": "Cisco Email Security Appliance (ESA)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.2-023"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108021

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-esa-filter-bypass

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

40.3%

JSON

Related for CVELIST:CVE-2019-1831