Vulnslist

find the latest Cisco vulnerabilities

Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability

cisco-sa-20161026-esawsa2 · Medium · Published · Updated

A vulnerability in the email filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. The vulnerability is due to improper error handling when malformed MIME headers are present in the email attachment. An attacker could exploit this vulnerability by sending an email with a crafted attachment encoded with MIME. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering or WSA service scanning content for web access. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2

Cisco advisory ·CSAF JSON

Workarounds

Workarounds that address this vulnerability are not available.

CVEsCVE-2016-6372
Cisco Bug IDsCSCuy54740, CSCuy75174
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C
Product Names From Source
Cisco Web Security Appliance (WSA), Cisco Email Security Appliance (ESA), Cisco Secure Email, Cisco Secure Web Appliance

Related Products

Product CVE Evidence
Cisco Web Security Appliance (WSA) CVE-2016-6372 Cisco OpenVuln
Cisco Secure Web Appliance CVE-2016-6372 Cisco OpenVuln
Cisco Secure Email CVE-2016-6372 Cisco OpenVuln
Cisco Email Security Appliance (ESA) CVE-2016-6372 Cisco OpenVuln