Lucene search

CiscoCVELIST:CVE-2021-1534

HistoryOct 06, 2021 - 7:35 p.m.

CVE-2021-1534 Cisco Email Security Appliance URL Filtering Bypass Vulnerability

2021-10-0619:35:10

CWE-20

cisco

www.cve.org

cisco

email security

vulnerability

url filtering

bypass

asyncos software

antispam protection

remote attacker

improper processing

exploit

malicious urls

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

48.0%

JSON

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

CNA Affected

[
  {
    "product": "Cisco Email Security Appliance (ESA)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-sGcfsDrp

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

48.0%

JSON

Related for CVELIST:CVE-2021-1534