CISCO : Cisco Email Security Appliance Quarantine Email Rendering Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.140026

Categoría: CISCO

Título: Cisco Email Security Appliance Quarantine Email Rendering Vulnerability

Resumen: A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco; AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to; cause a user to click a malicious link in the MIQ view. The malicious link could be used to; facilitate a cross-site scripting (XSS) or HTML injection attack.;; The vulnerability is due to malformed HTML script tags in quarantined email messages. An attacker; could exploit this vulnerability by sending a crafted email message to the affected device. An; exploit could allow the attacker to trick a user who views the MIQ email message into clicking a; malicious link.;; Cisco has not released software updates that address this vulnerability. There are no workarounds; that address this vulnerability.

Descripción: Summary:
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco
AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to
cause a user to click a malicious link in the MIQ view. The malicious link could be used to
facilitate a cross-site scripting (XSS) or HTML injection attack.

The vulnerability is due to malformed HTML script tags in quarantined email messages. An attacker
could exploit this vulnerability by sending a crafted email message to the affected device. An
exploit could allow the attacker to trick a user who views the MIQ email message into clicking a
malicious link.

Cisco has not released software updates that address this vulnerability. There are no workarounds
that address this vulnerability.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1423
BugTraq ID: 93912
http://www.securityfocus.com/bid/93912
http://www.securitytracker.com/id/1037113

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.140026
Categoría:	CISCO
Título:	Cisco Email Security Appliance Quarantine Email Rendering Vulnerability
Resumen:	A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco; AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to; cause a user to click a malicious link in the MIQ view. The malicious link could be used to; facilitate a cross-site scripting (XSS) or HTML injection attack.;; The vulnerability is due to malformed HTML script tags in quarantined email messages. An attacker; could exploit this vulnerability by sending a crafted email message to the affected device. An; exploit could allow the attacker to trick a user who views the MIQ email message into clicking a; malicious link.;; Cisco has not released software updates that address this vulnerability. There are no workarounds; that address this vulnerability.
Descripción:	Summary: A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. The vulnerability is due to malformed HTML script tags in quarantined email messages. An attacker could exploit this vulnerability by sending a crafted email message to the affected device. An exploit could allow the attacker to trick a user who views the MIQ email message into clicking a malicious link. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1423 BugTraq ID: 93912 http://www.securityfocus.com/bid/93912 http://www.securitytracker.com/id/1037113
Copyright	Copyright (C) 2016 Greenbone AG