CISCO : Cisco Email Security Appliance File Type Filtering Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.106158

Kategorie: CISCO

Titel: Cisco Email Security Appliance File Type Filtering Vulnerability

Zusammenfassung: A vulnerability in the email message filtering feature of Cisco AsyncOS;for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA to;fail to detect and act upon a specific type of file that is attached to an email message.;;The vulnerability is due to improper application of message filtering rules to email attachments that contain;a specific type of file and are submitted to an affected appliance. An attacker could exploit this vulnerability;by sending an email message with a crafted attachment to an affected appliance. A successful exploit could allow;the attacker to cause the ESA to fail to detect and act upon possible malware in the email attachment.

Beschreibung: Summary:
A vulnerability in the email message filtering feature of Cisco AsyncOS
for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA to
fail to detect and act upon a specific type of file that is attached to an email message.

The vulnerability is due to improper application of message filtering rules to email attachments that contain
a specific type of file and are submitted to an affected appliance. An attacker could exploit this vulnerability
by sending an email message with a crafted attachment to an affected appliance. A successful exploit could allow
the attacker to cause the ESA to fail to detect and act upon possible malware in the email attachment.

Solution:
Upgrade to Cisco ESA version 9.1.1-038 or
later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-1461
BugTraq ID: 92155
http://www.securityfocus.com/bid/92155
Cisco Security Advisory: 20160727 Cisco Email Security Appliance File Type Filtering Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-esa
http://www.securitytracker.com/id/1036470

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.106158
Kategorie:	CISCO
Titel:	Cisco Email Security Appliance File Type Filtering Vulnerability
Zusammenfassung:	A vulnerability in the email message filtering feature of Cisco AsyncOS;for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA to;fail to detect and act upon a specific type of file that is attached to an email message.;;The vulnerability is due to improper application of message filtering rules to email attachments that contain;a specific type of file and are submitted to an affected appliance. An attacker could exploit this vulnerability;by sending an email message with a crafted attachment to an affected appliance. A successful exploit could allow;the attacker to cause the ESA to fail to detect and act upon possible malware in the email attachment.
Beschreibung:	Summary: A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA to fail to detect and act upon a specific type of file that is attached to an email message. The vulnerability is due to improper application of message filtering rules to email attachments that contain a specific type of file and are submitted to an affected appliance. An attacker could exploit this vulnerability by sending an email message with a crafted attachment to an affected appliance. A successful exploit could allow the attacker to cause the ESA to fail to detect and act upon possible malware in the email attachment. Solution: Upgrade to Cisco ESA version 9.1.1-038 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1461 BugTraq ID: 92155 http://www.securityfocus.com/bid/92155 Cisco Security Advisory: 20160727 Cisco Email Security Appliance File Type Filtering Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-esa http://www.securitytracker.com/id/1036470
Copyright	Copyright (C) 2016 Greenbone AG