CVE-2019-1933

MEDIUM

Cisco Email Security Appliance - Unauthenticated Filter Bypass and Script Injection via Email Field Input Validation

Description

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass configured message filters and inject arbitrary scripting code inside the email body. The malicious code is not executed by default unless the recipient's email client is configured to execute scripts contained in emails.

Scores

CVSS v3 5.8
EPSS 0.0124
EPSS Percentile 65.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (1)
cisco/email_security_appliance 11.1.2-023
Published Jul 06, 2019
Tracked Since Feb 18, 2026