CVE-2019-15988

CWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 43.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Email Security Appliance (esa)Cisco Email Security Appliance Firmware
Timeline
PublishedNov 26
Latest updateMay 24

Description

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affecte

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_email_security_appliance_(esa)unspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-vxf2-rc93-x6wf: A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticate2022-05-24
CVEList
Cisco Email Security Appliance URL Filtering Bypass Vulnerability2019-11-26

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance URL Filtering Bypass Vulnerability2019-11-20
CVE-2019-15988 (MEDIUM CVSS 5.3) | A vulnerability in the antispam pro | cvebase.io