CVE-2014-3381
Published Oct 19, 2014
Last updated 10 years ago
Overview
- Description
- The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1ED121A-E76C-4256-A2BB-B44E9FC85B9B", "versionEndIncluding": "8.5" } ], "operator": "OR" } ] } ]