Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
Advisory ID: cisco-sa-20150612-esa
Revision 2.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+-----------------------------
Summary
=======
A vulnerability in the anti-spam scanner of Cisco AsyncOS for Cisco
Email Security Appliance (ESA) could allow an unauthenticated, remote
attacker to bypass the anti-spam functionality of the ESA.
The vulnerability is due to improper error handling of a malformed
packet in the anti-spam scanner. An attacker could exploit this
vulnerability by sending a crafted DNS Sender Policy Framework (SPF)
text record. A successful exploit could allow the attacker to bypass
the anti-spam scanner and generate a malformed packet alert.
Cisco has released software updates that address this vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/
Komentarų nėra:
Rašyti komentarą