6 results (0.007 seconds)

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of certain MP3 file types. An attacker could exploit this vulnerability by sending a crafted MP3 file through the targeted device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. Una vulnerabilidad en el motor de detección de MP3 del Software Cisco AsyncOS para Cisco Email Security Appliance (ESA), podría permitir a un atacante remoto no autenticado omitir los filtros de contenido configurados en el dispositivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-esa-mp3-bypass • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. Una vulnerabilidad en los mecanismos de protección antispam del Software Cisco AsyncOS para Cisco Email Security Appliance (ESA), podría permitir a un atacante remoto no autenticado omitir los filtros de reputación de URL en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-esa-url-bypass • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The vulnerability exists because the affected software insufficiently validates certain incoming SPF messages. An attacker could exploit this vulnerability by sending a custom SPF packet to an affected device. A successful exploit could allow the attacker to bypass the configured header filters, which could allow malicious content to pass through the device. Una vulnerabilidad en la funcionalidad Sender Policy Framework (SPF) del Software Cisco AsyncOS para Cisco Email Security Appliance (ESA), podría permitir a un atacante remoto no autenticado omitir los filtros de usuario configurados en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-esa-bypass • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking mechanisms for certain SPF messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. A successful exploit could allow the attacker to bypass the header filters that are configured for the affected device, which could allow malicious content to pass through the device. Una vulnerabilidad en la funcionalidad Sender Policy Framework (SPF) del software AsyncOS de Cisco para Email Security Appliances (ESA) de Cisco, podría permitir a un atacante remoto no autenticado omitir los filtros de usuario configurados en el dispositivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-esm-inject • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017. Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124 y 10.0.0-125 en dispositivos Email Security Appliance (ESA), cuando se instala Enrollment Client en versiones anteriores a 1.0.2-065, permite a atacantes remotos obtener acceso root a través de una conexión a la interfaz testing/debugging, vulnerabilidad también conocida como Bug ID CSCvb26017. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa http://www.securityfocus.com/bid/93116 http://www.securitytracker.com/id/1036881 • CWE-264: Permissions, Privileges, and Access Controls •