CVE-2017-6671

HIGH

Cisco Email Security Appliance - Unauthenticated Filter Bypass via Email Message Scanning

Title source: llm
STIX 2.1

Description

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98969
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038635

Scores

CVSS v3 7.5
EPSS 0.0196
EPSS Percentile 77.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (3)
cisco/email_security_appliance_firmware 9.7.1-066
cisco/email_security_appliance_firmware 10.0.1-087
n/a/Cisco Email Security Appliance Cisco Email Security Appliance
Published Jun 13, 2017
Tracked Since Feb 18, 2026