Vulnerability identifier: #VU14432
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
Vendor: Cisco Systems, Inc
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) due to improper detection of content within executable (EXE) files. A remote attacker can send a customized EXE file that is not recognized and blocked by the ESA., bypass the filtering functionality and send email messages that contain malicious executable files to unsuspecting users.
Install update from vendor's website.
Vulnerable software versions
Cisco Email Security Appliance: 10.0.0 203 - 11.0.0 264
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?