// For flags

CVE-2019-1905

Cisco Email Security Appliance GZIP Content Filter Bypass Vulnerability

Severity Score

5.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted GZIP-compressed file. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.

Una vulnerabilidad en el motor de descompresión GZIP del software AsyncOS de Cisco para Email Security Appliance (ESA) de Cisco, podría permitir que un atacante remoto no autenticado omita los filtros de contenido configurados en el dispositivo. Una vulnerabilidad es debido a la comprobación inapropiada de los archivos con formato GZIP. Un atacante podría explotar esta vulnerabilidad enviando un archivo malicioso dentro de un archivo comprimido con GZIP. Una explotación con éxito podría permitir al atacante omitir los filtros del contenido configurados que normalmente omitiría el correo electrónico.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2018-12-06 CVE Reserved
  • 2019-06-20 CVE Published
  • 2024-11-10 EPSS Updated
  • 2024-11-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Email Security Appliance
Search vendor "Cisco" for product "Email Security Appliance"
11.1.2
Search vendor "Cisco" for product "Email Security Appliance" and version "11.1.2"
-
Affected
Cisco
Search vendor "Cisco"
Email Security Appliance
Search vendor "Cisco" for product "Email Security Appliance"
12.0.0
Search vendor "Cisco" for product "Email Security Appliance" and version "12.0.0"
-
Affected