Main Vulnerability Database Vulnerabilities #VU29147

#VU29147 Input validation error in Cisco AsyncOS for Cisco Email Security Appliance - CVE-2020-3368

Published: June 18, 2020

Vulnerability identifier: #VU29147

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-3368

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco AsyncOS for Cisco Email Security Appliance

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass the URL reputation filters on an affected device.

The vulnerability exists due to insufficient validation of user-supplied input in the antispam protection mechanisms. A remote attacker can craft the URL in a particular way and bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-WO4BZ75s

#VU29147 Input validation error in Cisco AsyncOS for Cisco Email Security Appliance - CVE-2020-3368

Description

Remediation

External links

Please verify you're human