Description
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file.
Scores
CVSS v3
4.0
EPSS
0.0002
EPSS Percentile
6.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-494
Status
published
Products (50)
Cisco/Cisco Secure Web Appliance
11.8.0-414
Cisco/Cisco Secure Web Appliance
11.8.0-429
Cisco/Cisco Secure Web Appliance
11.8.0-453
Cisco/Cisco Secure Web Appliance
11.8.1-023
Cisco/Cisco Secure Web Appliance
11.8.3-018
Cisco/Cisco Secure Web Appliance
11.8.3-021
Cisco/Cisco Secure Web Appliance
11.8.4-004
Cisco/Cisco Secure Web Appliance
12.0.1-268
Cisco/Cisco Secure Web Appliance
12.0.1-334
Cisco/Cisco Secure Web Appliance
12.0.2-004
... and 40 more
Published
Feb 04, 2026
Tracked Since
Feb 18, 2026