Vulnslist

find the latest Cisco vulnerabilities

Cisco Email Security Appliance URL Filtering Bypass Vulnerability

cisco-sa-esa-url-bypass-zZtugtg3 · Medium · Published · Updated

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-zZtugtg3

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2020-3568
Cisco Bug IDsCSCvu50941, CSCvu53078
CVSS ScoreBase 5.8
Base 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Secure Email

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2020-3568 Cisco OpenVuln
Cisco Meraki MS Series Switches CVE-2020-3568 Cisco OpenVuln
Cisco Secure Email CVE-2020-3568 Cisco OpenVuln