CVE-2019-1844

MEDIUM

Cisco Email Security Appliance - Unauthenticated Filter Bypass via Missing Content-Disposition

Title source: llm

Description

A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected device. An attacker could exploit this vulnerability by sending certain file types without Content-Disposition information to an affected device. A successful exploit could allow an attacker to send messages that contain malicious content to users.
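A defender-side check for the condition described above, added here as an illustration (it is not Cisco's code and says nothing about how the ESA is implemented): it classifies MIME parts as attachments from the Content-Type and any file name rather than from Content-Disposition alone, and lists the parts a disposition-only check would miss. The sample message, the function names and the choice of which content types count as message body are assumptions made for the example.

```python
from email import message_from_bytes, policy

# Constructed sample message (not taken from the advisory): the second part
# carries a file but has no Content-Disposition header at all.
SAMPLE = (
    b"From: a@example.com\r\n"
    b"To: b@example.com\r\n"
    b"Subject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n'
    b"\r\n"
    b"--XX\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"body text\r\n"
    b"--XX\r\n"
    b'Content-Type: application/octet-stream; name="report.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAECAw==\r\n"
    b"--XX\r\n"
    b"Content-Type: application/pdf\r\n"
    b'Content-Disposition: attachment; filename="doc.pdf"\r\n'
    b"\r\n"
    b"%PDF-1.4\r\n"
    b"--XX--\r\n"
)

# Assumption for this example: only these types are treated as message body.
BODY_TYPES = {"text/plain", "text/html"}

def classify_parts(raw: bytes):
    """Return (content_type, filename, has_disposition, is_attachment) per leaf part."""
    out = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        has_disp = part.get("Content-Disposition") is not None
        filename = part.get_filename()  # falls back to the Content-Type name= parameter
        declared = part.get_content_disposition() == "attachment"
        # Do not rely on the header: a file name or a non-body type is enough.
        is_att = declared or filename is not None or ctype not in BODY_TYPES
        out.append((ctype, filename, has_disp, is_att))
    return out

def undeclared_attachments(raw: bytes):
    """Attachment parts that a Content-Disposition-only check would not see."""
    return [p for p in classify_parts(raw) if p[3] and not p[2]]
```
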

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108149

Scores

CVSS v3 5.3
EPSS 0.0170
EPSS Percentile 74.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (1)
cisco/email_security_appliance 11.1.0-131
Published May 03, 2019
Tracked Since Feb 18, 2026