CVE-2019-12706

A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The vulnerability exists because the affected software insufficiently validates certain incoming SPF messages. An attacker could exploit this vulnerability by sending a custom SPF packet to an affected device. A successful exploit could allow the attacker to bypass the configured header filters, which could allow malicious content to pass through the device.

Published: 2019-10-02 19:15
Updated: 2019-10-10 18:07

CVSS Score: 5.0 / 10

Vendor Product Version URI
Cisco Email Security Appliance Firmware - cpe:/o:cisco:email_security_appliance_firmware:-
Cisco Email Security Appliance Firmware 3.3.1-09 cpe:/o:cisco:email_security_appliance_firmware:3.3.1-09
Cisco Email Security Appliance Firmware 7.1.0 cpe:/o:cisco:email_security_appliance_firmware:7.1.0
Cisco Email Security Appliance Firmware 7.1.1 cpe:/o:cisco:email_security_appliance_firmware:7.1.1
Cisco Email Security Appliance Firmware 7.1.2 cpe:/o:cisco:email_security_appliance_firmware:7.1.2
Cisco Email Security Appliance Firmware 7.1.3 cpe:/o:cisco:email_security_appliance_firmware:7.1.3
Cisco Email Security Appliance Firmware 7.1.4 cpe:/o:cisco:email_security_appliance_firmware:7.1.4
Cisco Email Security Appliance Firmware 7.1.5 cpe:/o:cisco:email_security_appliance_firmware:7.1.5
Cisco Email Security Appliance Firmware 7.3.0 cpe:/o:cisco:email_security_appliance_firmware:7.3.0
Cisco Email Security Appliance Firmware 7.3.1 cpe:/o:cisco:email_security_appliance_firmware:7.3.1
Cisco Email Security Appliance Firmware 7.3.2 cpe:/o:cisco:email_security_appliance_firmware:7.3.2
Cisco Email Security Appliance Firmware 7.5.0 cpe:/o:cisco:email_security_appliance_firmware:7.5.0
Cisco Email Security Appliance Firmware 7.5.1 cpe:/o:cisco:email_security_appliance_firmware:7.5.1
Cisco Email Security Appliance Firmware 7.5.2 cpe:/o:cisco:email_security_appliance_firmware:7.5.2
Cisco Email Security Appliance Firmware 7.5.2-201 cpe:/o:cisco:email_security_appliance_firmware:7.5.2-201
Cisco Email Security Appliance Firmware 7.6.0 cpe:/o:cisco:email_security_appliance_firmware:7.6.0
Cisco Email Security Appliance Firmware 7.6.1-gpl-022 cpe:/o:cisco:email_security_appliance_firmware:7.6.1-gpl-022
Cisco Email Security Appliance Firmware 7.6.2 cpe:/o:cisco:email_security_appliance_firmware:7.6.2
Cisco Email Security Appliance Firmware 7.6.3-025 cpe:/o:cisco:email_security_appliance_firmware:7.6.3-025
Cisco Email Security Appliance Firmware 7.8.0 cpe:/o:cisco:email_security_appliance_firmware:7.8.0
Cisco Email Security Appliance Firmware 8.5.6-073 cpe:/o:cisco:email_security_appliance_firmware:8.5.6-073
Cisco Email Security Appliance Firmware 8.5.6-106 cpe:/o:cisco:email_security_appliance_firmware:8.5.6-106
Cisco Email Security Appliance Firmware 8.5.6-113 cpe:/o:cisco:email_security_appliance_firmware:8.5.6-113
Cisco Email Security Appliance Firmware 9.0.0-461 cpe:/o:cisco:email_security_appliance_firmware:9.0.0-461
Cisco Email Security Appliance Firmware 9.1.0-032 cpe:/o:cisco:email_security_appliance_firmware:9.1.0-032
Cisco Email Security Appliance Firmware 9.1.1-000 cpe:/o:cisco:email_security_appliance_firmware:9.1.1-000
Cisco Email Security Appliance Firmware 9.5.0-201 cpe:/o:cisco:email_security_appliance_firmware:9.5.0-201
Cisco Email Security Appliance Firmware 9.6.0-000 cpe:/o:cisco:email_security_appliance_firmware:9.6.0-000
Cisco Email Security Appliance Firmware 9.6.0-051 cpe:/o:cisco:email_security_appliance_firmware:9.6.0-051
Cisco Email Security Appliance Firmware 9.7.0-125 cpe:/o:cisco:email_security_appliance_firmware:9.7.0-125
Cisco Email Security Appliance Firmware 10.0.1-103 cpe:/o:cisco:email_security_appliance_firmware:10.0.1-103
Cisco Email Security Appliance Firmware 10.0.2-020 cpe:/o:cisco:email_security_appliance_firmware:10.0.2-020
Cisco Email Security Appliance Firmware 11.0.0-105 cpe:/o:cisco:email_security_appliance_firmware:11.0.0-105

CWE

CWE-20 (Improper Input Validation): The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

History of changes

Date Event
2019-10-10 18:07
2019-10-02 19:17 New CVE