CISCO : Cisco Email Security Appliance File Type Filtering Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106158

Categoría: CISCO

Título: Cisco Email Security Appliance File Type Filtering Vulnerability

Resumen: A vulnerability in the email message filtering feature of Cisco AsyncOS;for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA to;fail to detect and act upon a specific type of file that is attached to an email message.;;The vulnerability is due to improper application of message filtering rules to email attachments that contain;a specific type of file and are submitted to an affected appliance. An attacker could exploit this vulnerability;by sending an email message with a crafted attachment to an affected appliance. A successful exploit could allow;the attacker to cause the ESA to fail to detect and act upon possible malware in the email attachment.

Descripción: Summary:
A vulnerability in the email message filtering feature of Cisco AsyncOS
for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA to
fail to detect and act upon a specific type of file that is attached to an email message.

The vulnerability is due to improper application of message filtering rules to email attachments that contain
a specific type of file and are submitted to an affected appliance. An attacker could exploit this vulnerability
by sending an email message with a crafted attachment to an affected appliance. A successful exploit could allow
the attacker to cause the ESA to fail to detect and act upon possible malware in the email attachment.

Solution:
Upgrade to Cisco ESA version 9.1.1-038 or
later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1461
BugTraq ID: 92155
http://www.securityfocus.com/bid/92155
Cisco Security Advisory: 20160727 Cisco Email Security Appliance File Type Filtering Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-esa
http://www.securitytracker.com/id/1036470

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106158
Categoría:	CISCO
Título:	Cisco Email Security Appliance File Type Filtering Vulnerability
Resumen:	A vulnerability in the email message filtering feature of Cisco AsyncOS;for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA to;fail to detect and act upon a specific type of file that is attached to an email message.;;The vulnerability is due to improper application of message filtering rules to email attachments that contain;a specific type of file and are submitted to an affected appliance. An attacker could exploit this vulnerability;by sending an email message with a crafted attachment to an affected appliance. A successful exploit could allow;the attacker to cause the ESA to fail to detect and act upon possible malware in the email attachment.
Descripción:	Summary: A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA to fail to detect and act upon a specific type of file that is attached to an email message. The vulnerability is due to improper application of message filtering rules to email attachments that contain a specific type of file and are submitted to an affected appliance. An attacker could exploit this vulnerability by sending an email message with a crafted attachment to an affected appliance. A successful exploit could allow the attacker to cause the ESA to fail to detect and act upon possible malware in the email attachment. Solution: Upgrade to Cisco ESA version 9.1.1-038 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1461 BugTraq ID: 92155 http://www.securityfocus.com/bid/92155 Cisco Security Advisory: 20160727 Cisco Email Security Appliance File Type Filtering Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-esa http://www.securitytracker.com/id/1036470
Copyright	Copyright (C) 2016 Greenbone AG