CVE-2020-3370

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.8MEDIUM

EPSS

0.2%

top 56.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Email Security Appliance Cisco Cisco Email Security Appliance (esa)

Timeline

PublishedJul 16

Latest updateMay 24

Description

A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted, malicious HTTP request to an affected device. A successful exploit could allow the attacker to redirect users to malicious sites.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/email_security_appliance13.5.0 — 13.5.1+1

▶CVEListV5cisco/cisco_email_security_appliance_(esa)n/a

🔴Vulnerability Details

GHSA

GHSA-q7fc-v93r-h333: A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL fi↗2022-05-24

▶

CVEList

Cisco Content Security Management Appliance Filter Bypass Vulnerability↗2020-07-16

▶

📋Vendor Advisories

Cisco

Cisco Email Security Appliance Filter Bypass Vulnerability↗2020-07-15

▶