Cisco Email Security Appliance Content Filter Bypass Vulnerability (cisco-sa-20190703-esa-filterpass)

Medium Nessus Plugin ID 128034

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Email Security Appliance (ESA) is affected by a vulnerability in the email message scanning of Cisco AsyncOS Software due to improper input validation of certain email fields. An unauthenticated, remote attacker can exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit allows the attacker to bypass configured message filters and inject arbitrary scripting code inside the email body. The malicious code is not executed by default unless the recipient's email client is configured to execute scripts contained in emails.

Please see the included Cisco BID and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvo55451.

See Also

http://www.nessus.org/u?5e665db4

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo55451

Plugin Details

Severity: Medium

ID: 128034

File Name: cisco-sa-20190703-esa-filterpass.nasl

Version: 1.2

Type: local

Family: CISCO

Published: 2019/08/20

Updated: 2019/08/21

Dependencies: 69075

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2019-1933

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3.0

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Vulnerability Information

CPE: cpe:/o:cisco:email_security_appliance_(esa)

Required KB Items: Host/AsyncOS/Cisco Email Security Appliance/Version, Settings/ParanoidReport

Patch Publication Date: 2019/07/03

Vulnerability Publication Date: 2019/07/03

Reference Information

CVE: CVE-2019-1933

BID: 109031