Vulnslist

find the latest Cisco vulnerabilities

Cisco Email Security Appliance URL Filtering Bypass Vulnerability

cisco-sa-esa-url-bypass-WO4BZ75s · Medium · Published · Updated

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-WO4BZ75s

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2020-3368
Cisco Bug IDsCSCvs66918
CVSS ScoreBase 5.8
Base 5.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Email Security Appliance (ESA), Cisco Secure Email

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2020-3368 Cisco OpenVuln
Cisco Meraki MS Series Switches CVE-2020-3368 Cisco OpenVuln
Cisco Secure Email CVE-2020-3368 Cisco OpenVuln
Cisco Email Security Appliance (ESA) CVE-2020-3368 Cisco OpenVuln