CVE-2017-6671

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGH

EPSS

0.4%

top 40.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Email Security Appliance Firmware

Timeline

PublishedJun 13

Latest updateMay 17

Description

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco_email_security_applianceCisco Email Security Appliance

▶NVDcisco/email_security_appliance_firmware10.0.1-087, 9.7.1-066+1

🔴Vulnerability Details

GHSA

GHSA-m6qj-mxwq-g8c8: A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remot↗2022-05-17

▶

CVEList

CVE-2017-6671: A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remot↗2017-06-13

▶

📋Vendor Advisories

Cisco

Cisco Email Security Appliance Attachment Filter Bypass Vulnerability↗2017-06-07

▶