CVE-2017-3818

MEDIUM

Cisco Email Security Appliance Firmware < 9.7.1-066 - Unauthenticated Malformed MIME Header Filtering Bypass

Title source: llm
STIX 2.1

Description

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95939
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037773

Scores

CVSS v3 5.8
EPSS 0.0224
EPSS Percentile 80.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Details

CWE
CWE-20
Status published
Products (2)
cisco/email_security_appliance_firmware 9.7.1-066
n/a/Cisco AsyncOS 9.7.1-066 Cisco AsyncOS 9.7.1-066
Published Feb 03, 2017
Tracked Since Feb 18, 2026