CVE-2019-1831Improper Input Validation in Cisco Email Security Appliance

CWE-20Improper Input Validation6 documents6 sources
Severity
5.3MEDIUMNVD
CNA5.8
EPSS
0.2%
top 63.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Email Security ApplianceCisco Email Security Appliance
Timeline
PublishedApr 18
Latest updateMay 13

Description

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the e

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/email_security_appliance11.1.2-023, 12.0.0-208+1

🔴Vulnerability Details

2
GHSA
GHSA-xw32-2x94-232h: A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remot2022-05-13
CVEList
Cisco Email Security Appliance Content Filter Bypass Vulnerability2019-04-18

📋Vendor Advisories

2
Cisco
Cisco Email Security Appliance Content Filter Bypass Vulnerability2019-04-17
Red Hat
struts2: incorrect default exclude patterns2015-05-11

💬Community

1
Bugzilla
CVE-2015-1831 struts2: incorrect default exclude patterns2015-05-18
CVE-2019-1831 — Improper Input Validation in Cisco | cvebase