CVE-2019-1844Improper Input Validation in Cisco Email Security Appliance

CWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 55.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Email Security ApplianceCisco Email Security Appliance
Timeline
PublishedMay 3
Latest updateMay 24

Description

A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected device. An attacker could exploit this vulnerability by sending certain file types without Content-Disposition information to an affected device. A successful exploit could allow an attacker to send mes

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_email_security_applianceunspecified11.1.1-030

🔴Vulnerability Details

2
GHSA
GHSA-gpfw-gg76-25px: A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker2022-05-24
CVEList
Cisco Email Security Appliance Filter Bypass Vulnerability2019-05-03

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance Filter Bypass Vulnerability2019-05-01