- Description
- The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-284
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmeware:9.1.0-032:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC8C6490-1052-4208-A50E-E974FD9554C5"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmeware:9.5.0-201:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22A7EDAC-82ED-44F6-9F4F-51215E7AE240"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmeware:9.6.0-051:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75786AC6-A1C2-45BA-8438-EF51F3E934EB"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmeware:9.7.0-125:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "842EEFFB-7B44-40BF-B98B-A85F8F81EEF9"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmeware:9.7.0-782:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CB97A2F-2EE2-4ADD-92AC-28301E93C199"
}
],
"operator": "OR"
}
]
}
]