CVE-2021-1534

Summary

CVE	CVE-2021-1534
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-10-06 20:15:00 UTC
Updated	2023-11-07 03:28:00 UTC
Description	A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Cisco	Asyncos	All	All	All	All
Hardware	Cisco	Email Security Appliance C170	-	All	All	All
Hardware	Cisco	Email Security Appliance C190	-	All	All	All
Hardware	Cisco	Email Security Appliance C380	-	All	All	All
Hardware	Cisco	Email Security Appliance C390	-	All	All	All
Hardware	Cisco	Email Security Appliance C680	-	All	All	All
Hardware	Cisco	Email Security Appliance C690	-	All	All	All
Hardware	Cisco	Email Security Appliance C690x	-	All	All	All

References

Reference	Source	Link	Tags
Cisco Email Security Appliance URL Filtering Bypass Vulnerability	CISCO	tools.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

317073 Cisco Email Security Appliance (ESA) Uniform Resource Locator (URL) Filtering Bypass Vulnerability (cisco-sa-esa-url-bypass-sGcfsDrp)