#VU47526 Input validation error in Cisco AsyncOS for Cisco Email Security Appliance - CVE-2020-3568
Published: October 8, 2020 / Updated: October 13, 2020
Vulnerability identifier: #VU47526
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3568
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco AsyncOS for Cisco Email Security Appliance
Cisco AsyncOS for Cisco Email Security Appliance
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass the URL reputation filters.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can use a spceially crafted URL and bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device.
Remediation
Install updates from vendor's website.