Vulnslist

find the latest Cisco vulnerabilities

Cisco Email Security Appliance URL Filtering Bypass Vulnerability

cisco-sa-20191120-esa-url-bypass · Medium · Published · Updated

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-esa-url-bypass

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2019-15988
Cisco Bug IDsCSCvq09347
CVSS ScoreBase 5.8
Base 5.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Email Security Appliance (ESA), Cisco Secure Email

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2019-15988 Cisco OpenVuln
Cisco Meraki MS Series Switches CVE-2019-15988 Cisco OpenVuln
Cisco Secure Email CVE-2019-15988 Cisco OpenVuln
Cisco Email Security Appliance (ESA) CVE-2019-15988 Cisco OpenVuln