CVE-2023-31488

CRITICAL

Hyland Perceptive Filters < 2023-12-08 - Crafted Document Code Execution

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-31488. PoCs published by ly1g3.

AI-analyzed exploit summary This repository provides a detailed technical writeup and functional PoC exploit for CVE-2023-31488, a memory corruption vulnerability in Lexmark Perceptive Filters (used by Cisco ESA) leading to unauthenticated remote code execution as root via a crafted PDF attachment. The exploit leverages a ROP chain to bypass NX and execute shellcode.

Description

Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document.

Exploits (1)

nomisec WORKING POC 1 stars
by ly1g3 · poc
https://github.com/ly1g3/cisco-CVE-2023-31488

This repository provides a detailed technical writeup and functional PoC exploit for CVE-2023-31488, a memory corruption vulnerability in Lexmark Perceptive Filters (used by Cisco ESA) leading to unauthenticated remote code execution as root via a crafted PDF attachment. The exploit leverages a ROP chain to bypass NX and execute shellcode.

Classification
Working Poc 98%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cisco Email Security Appliance (ESA) with Lexmark Perceptive Filters (AsyncOS 14.2.0)
No auth needed
Prerequisites: Cisco ESA with AMP or SafePrint enabled (using Lexmark Perceptive Filters) · Target must not have ASLR enabled (as noted in the writeup) · Attacker must be able to send an email with a crafted PDF attachment to the target
mistral-large-3 · analyzed Jul 08, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0071
EPSS Percentile 49.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-787
Status published
Products (2)
cisco/ironport_email_security_appliance
cisco/secure_email_gateway_firmware
Published Jan 10, 2024
Tracked Since Feb 18, 2026