Описание
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
Уязвимые конфигурации
Одновременно
Одно из
EPSS
5.8 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
Уязвимость механизма распаковки zip-файлов программного обеспечения Cisco AsyncOS для систем обеспечения безопасности электронной почты Cisco Email Security Appliance, позволяющая нарушителю обойти настроенные фильтры содержимого на устройстве
EPSS
5.8 Medium
CVSS3
5.3 Medium
CVSS3