Vulnerability Details : CVE-2017-3818
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092.
Vulnerability category: Input validation
Products affected by CVE-2017-3818
- cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.1-066:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-3818
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-3818
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
5.8
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2017-3818
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-3818
-
http://www.securitytracker.com/id/1037773
Cisco Email Security Appliance Bug in MIME Scanner Lets Remote Users Bypass Security Filters on the Target System - SecurityTracker
-
http://www.securityfocus.com/bid/95939
Cisco Email Security Appliance for AsyncOS CVE-2017-3818 Remote Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1
Cisco Email Security Appliance Malformed MIME Header Filtering Bypass VulnerabilityVendor Advisory
Jump to