A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass configured message filters and inject arbitrary scripting code inside the email body. The malicious code is not executed by default unless the recipient's email client is configured to execute scripts contained in emails.

Published: 2019-07-06 02:15
Updated: 2019-10-09 23:48

CVSS Score: 4.3 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Cisco | Email Security Appliance | 11.1.2-023 | cpe:/a:cisco:email_security_appliance:11.1.2-023 |


| ID | Name | Description |
|---|---|---|
| CWE-20 | Improper Input Validation | The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. |

History of changes

Date Event
2019-07-15 14:14
2019-07-06 02:15