Description
The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Lincoln Yeoh · textremotehardware
https://www.exploit-db.com/exploits/20231
References (5)
Core 5
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1698
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5277
Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html
Scores
EPSS
0.0718
EPSS Percentile
91.7%
Details
Status
published
Products (8)
cisco/pix_firewall_software
4.2\(1\)
cisco/pix_firewall_software
4.2\(2\)
cisco/pix_firewall_software
4.2\(5\)
cisco/pix_firewall_software
4.3
cisco/pix_firewall_software
4.4\(4\)
cisco/pix_firewall_software
5.0
cisco/pix_firewall_software
5.1
cisco/pix_firewall_software
5.2
Published
Dec 11, 2000
Tracked Since
Feb 18, 2026