Cisco Email Security Appliance vulnerabilities
34 known vulnerabilities affecting cisco/cisco_email_security_appliance.
Total CVEs: 34
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 13, MEDIUM 20
Vulnerabilities
Page 2 of 2
CVE-2019-1955 | HIGH | CVSS 7.5 | CWE-20 | versions: ≥ unspecified, < n/a | 2019-08-08
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking mechanisms for certain SPF messages that are sent to an
cvelistv5, nvd
CVE-2019-1921 | HIGH | CVSS 7.5 | CWE-20 | version: 12.0.0-419 | 2019-07-06
A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by naming a malicious attach
cvelistv5, nvd
CVE-2019-1933 | HIGH | CVSS 7.4 | CWE-20 | version: 11.1.2-023 | 2019-07-06
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker could exploit this vulnerability by sending a crafted email
cvelistv5, nvd
CVE-2019-1905 | MEDIUM | CVSS 5.8 | CWE-20 | version: 12.0 | 2019-06-20
A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacker could exploit this vulnerability by sending a maliciou
cvelistv5, nvd
CVE-2019-1844 | MEDIUM | CVSS 5.3 | CWE-20 | versions: ≥ unspecified, < 11.1.1-030 | 2019-05-03
A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected device. An attacker could exploit this vulnerability by
cvelistv5, nvd
CVE-2019-1831 | MEDIUM | CVSS 5.3 | CWE-20 | version: 11.1.2-023 | 2019-04-18
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific c
cvelistv5, nvd
CVE-2018-15460 | HIGH | CVSS 8.6 | CWE-20 | version: n/a | 2019-01-10
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email mes
cvelistv5, nvd
CVE-2018-15453 | HIGH | CVSS 8.6 | CWE-20 | version: n/a | 2019-01-10
A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the fi
cvelistv5, nvd
CVE-2018-0447 | MEDIUM | CVSS 5.3 | CWE-284 | version: n/a | 2018-10-05
A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and validation checking mechanisms for certain Sender Policy Framework (SPF)
cvelistv5, nvd
CVE-2017-12353 | MEDIUM | CVSS 5.8 | CWE-254 | version: Cisco Email Security Appliance | 2017-11-30
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malf
cvelistv5
CVE-2017-12309 | MEDIUM | CVSS 5.3 | CWE-113 | version: Cisco Email Security Appliance | 2017-11-16
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vuln
cvelistv5
CVE-2017-12215 | HIGH | CVSS 7.1 | CWE-20 | version: Cisco Email Security Appliance | 2017-09-21
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can
cvelistv5
CVE-2017-12218 | MEDIUM | CVSS 5.8 | CWE-20 | version: Cisco Email Security Appliance | 2017-09-07
A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vuln
cvelistv5
CVE-2017-6671 | HIGH | CVSS 7.5 | version: Cisco Email Security Appliance | 2017-06-13
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087
cvelistv5