CVE-2017-3818

CWE-20Improper Input Validation4 documents4 sources
Severity
5.8MEDIUM
EPSS
0.2%
top 56.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Email Security Appliance Firmware
Timeline
PublishedFeb 3
Latest updateMay 17

Description

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco_asyncos_9.7.1-066Cisco AsyncOS 9.7.1-066

🔴Vulnerability Details

2
GHSA
GHSA-hhrh-pc24-4cm9: A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could2022-05-17
CVEList
CVE-2017-3818: A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could2017-02-03

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance Malformed MIME Header Filtering Bypass Vulnerability2017-02-01
CVE-2017-3818 (MEDIUM CVSS 5.8) | A vulnerability in the Multipurpose | cvebase.io