CVE-2017-6671
HIGHCisco Email Security Appliance - Unauthenticated Filter Bypass via Email Message Scanning
Title source: llmDescription
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98969
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038635
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1
Scores
CVSS v3
7.5
EPSS
0.0196
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (3)
cisco/email_security_appliance_firmware
9.7.1-066
cisco/email_security_appliance_firmware
10.0.1-087
n/a/Cisco Email Security Appliance
Cisco Email Security Appliance
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026