CVE-2019-12706
Cisco Email Security Appliance Filter Bypass Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The vulnerability exists because the affected software insufficiently validates certain incoming SPF messages. An attacker could exploit this vulnerability by sending a custom SPF packet to an affected device. A successful exploit could allow the attacker to bypass the configured header filters, which could allow malicious content to pass through the device.
SSVC
- Decision: Attend
Timeline
- 2019-06-04 CVE Reserved
- 2019-10-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Email Security Appliance Firmware | < 13.5.0 | - | Affected |