CVE-2019-1831

MEDIUM

Cisco AsyncOS Software - Auth Bypass


Description

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108021

Scores

CVSS v3 5.8
EPSS 0.0165
EPSS Percentile 73.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (2)
cisco/email_security_appliance 11.1.2-023
cisco/email_security_appliance 12.0.0-208
Published Apr 18, 2019
Tracked Since Feb 18, 2026