CVE-2017-6671
Summary
| CVE | CVE-2017-6671 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-13 06:29:00 UTC |
| Updated | 2017-11-27 12:15:00 UTC |
| Description | A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Email Security Appliance Firmware | 10.0.1-087 | All | All | All |
| Application | Cisco | Email Security Appliance Firmware | 9.7.1-066 | All | All | All |
| Application | Cisco | Email Security Appliance Firmware | 10.0.1-087 | All | All | All |
| Application | Cisco | Email Security Appliance Firmware | 9.7.1-066 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco AsyncOS Software CVE-2017-6671 Remote Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco Email Security Appliance MIME Header Processing Bug Lets Remote Users Bypass Security Restrictions on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco Email Security Appliance Attachment Filter Bypass Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.