CVE-2014-3381 — Cisco Asyncos vulnerability

CWE-2644 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 63.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Asyncos

Timeline

PublishedOct 19

Latest updateMay 17

Description

The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/asyncos8.5

🔴Vulnerability Details

GHSA

GHSA-w4h4-v874-qrqc: The ZIP inspection engine in Cisco AsyncOS 8↗2022-05-17

▶

CVEList

CVE-2014-3381: The ZIP inspection engine in Cisco AsyncOS 8↗2014-10-19

▶

📋Vendor Advisories

Cisco

Cisco AsyncOS Software ZIP Filtering Bypass Vulnerability↗2014-10-14

▶