CVE-2014-3381

Published Oct 19, 2014

Last updated 10 years ago

Overview

Description
The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.
Source
ykramarz@cisco.com
NVD status
Analyzed

Risk scores

CVSS 2.0

Type
Primary
Base score
5
Impact score
2.9
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-264

Social media

Hype score
Not currently trending

Configurations