Vulnslist

find the latest Cisco vulnerabilities

Cisco Email Security Appliance Malformed EML Attachment Bypass Vulnerability

cisco-sa-20170906-esa · Medium · Published · Updated

A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user. There are workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-esa

Cisco advisory ·CSAF JSON

Workarounds

The ESA should be configured for multiple levels of email attachment scanning to ensure that a corrupted EML attachment is scanned by multiple packages with the ESA.

CVEsCVE-2017-12218
Cisco Bug IDsCSCuz81533
CVSS ScoreBase 5.8
Base 5.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Email Security Appliance (ESA), Cisco Secure Email

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2017-12218 Cisco OpenVuln
Cisco Secure Email CVE-2017-12218 Cisco OpenVuln
Cisco Email Security Appliance (ESA) CVE-2017-12218 Cisco OpenVuln