CVE-2021-1534Improper Input Validation in Cisco Asyncos

CWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUMNVD
CNA5.8
EPSS
0.3%
top 48.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco AsyncosCisco Email Security Appliance
Timeline
PublishedOct 6
Latest updateMay 24

Description

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, wh

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/asyncos< 14.0.1

🔴Vulnerability Details

2
GHSA
GHSA-86vv-w52w-qq85: A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticate2022-05-24
CVEList
Cisco Email Security Appliance URL Filtering Bypass Vulnerability2021-10-06

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance URL Filtering Bypass Vulnerability2021-10-06
CVE-2021-1534 — Improper Input Validation in Cisco | cvebase