CVE-2017-3818
MEDIUMCisco Email Security Appliance Firmware < 9.7.1-066 - Unauthenticated Malformed MIME Header Filtering Bypass
Title source: llmDescription
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95939
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037773
Scores
CVSS v3
5.8
EPSS
0.0224
EPSS Percentile
80.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (2)
cisco/email_security_appliance_firmware
9.7.1-066
n/a/Cisco AsyncOS 9.7.1-066
Cisco AsyncOS 9.7.1-066
Published
Feb 03, 2017
Tracked Since
Feb 18, 2026