漏洞标题
N/A
漏洞描述信息
"Cisco AsyncOS软件在Cisco Email Security Appliances(ESA)和Web Security Appliances(WSA)中的电子邮件消息和内容过滤漏洞可能导致未授权的远程攻击者绕过目标设备的过滤功能。原本应该被隔离的电子邮件可能会被处理。受影响的产品:此漏洞会影响所有在Cisco ESA和Cisco WSA的虚拟和硬件 appliances,这些 appliances 配置了消息或内容过滤器以扫描 incoming email 附件,并且这些 appliances 进行了配置。更多信息:CSCuy54740,CSCuy75174。已知受影响的发布:9.7.1-066,9.5.0-575,WSA10.0.0-000。已知固定的发布:10.0.0-125,9.1.1-038,9.7.2-047。"
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Cisco AsyncOS for Cisco Email Security Appliances和Web Security Appliances 安全绕过漏洞
漏洞描述信息
Cisco AsyncOS for Cisco Email Security Appliances(ESA)和Web Security Appliances(WSA)是美国思科(Cisco)公司的一套使用在电子邮件安全设备(ESA)和网络安全设备(WSA)中的操作系统。 Cisco AsyncOS Software for Cisco ESA和WSA 9.7.1-066版本和9.5.0-575版本的Multipurpose Internet Mail Extensions标题的邮件信息和内容过滤存在安全绕
CVSS信息
N/A
漏洞类别
授权问题