CVE-2017-3827

MEDIUM

Cisco AsyncOS < - Auth Bypass

Title source: llm

Description

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA. More Information: SCvb91473, CSCvc76500. Known Affected Releases: 10.0.0-203 9.9.9-894 WSA10.0.0-233.

References (4)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-asyncos

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96239

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037831

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037832

Scores

CVSS v3 5.8

EPSS 0.0036

EPSS Percentile 57.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Classification

CWE

CWE-20

Status published

Affected Products (13)

cisco/web_security_appliance

cisco/web_security_appliance

cisco/web_security_appliance

cisco/web_security_appliance

cisco/web_security_appliance

cisco/email_security_appliance_firmware

cisco/email_security_appliance_firmware

cisco/email_security_appliance_firmware

cisco/email_security_appliance_firmware

cisco/email_security_appliance_firmware

cisco/email_security_appliance_firmware

cisco/email_security_appliance_firmware

n/a/Cisco AsyncOS Software for Cisco ESA and Cisco WSA < Cisco AsyncOS Software for Cisco ESA and Cisco WSA

Timeline

Published Feb 22, 2017

Tracked Since Feb 18, 2026