Vulnslist

find the latest Cisco vulnerabilities

Cisco Email Security Appliance Filter Bypass Vulnerability

cisco-sa-ESA-filt-39jXvMfM · Medium · Published · Updated

A vulnerability in URL filtering for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted, malicious HTTP request to an affected device. A successful exploit could allow the attacker to redirect users to malicious sites. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ESA-filt-39jXvMfM

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2020-3370
Cisco Bug IDsCSCvs58807
CVSS ScoreBase 4.0
Base 4.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), Cisco Secure Email, Cisco Secure Email and Web Manager

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2020-3370 Cisco OpenVuln
Cisco Secure Email and Web Manager CVE-2020-3370 Cisco OpenVuln
Cisco Secure Email CVE-2020-3370 Cisco OpenVuln
Cisco Email Security Appliance (ESA) CVE-2020-3370 Cisco OpenVuln
Cisco Content Security Management Appliance (SMA) CVE-2020-3370 Cisco OpenVuln