CVE-2020-3368Improper Input Validation in Cisco Asyncos

CWE-20Improper Input Validation4 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
0.2%
top 55.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco AsyncosCisco Email Security Appliance
Timeline
PublishedJun 18
Latest updateMay 24

Description

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affecte

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/asyncos< 13.5.0

🔴Vulnerability Details

2
GHSA
GHSA-vr98-485w-gvwg: A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticate2022-05-24
CVEList
Cisco Email Security Appliance URL Filtering Bypass Vulnerability2020-06-18

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance URL Filtering Bypass Vulnerability2020-06-17
CVE-2020-3368 — Improper Input Validation in Cisco | cvebase