{"api_version":"1","generated_at":"2026-04-23T15:18:01+00:00","cve":"CVE-2017-6671","urls":{"html":"https://cve.report/CVE-2017-6671","api":"https://cve.report/api/cve/CVE-2017-6671.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-6671","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-6671"},"summary":{"title":"CVE-2017-6671","description":"A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2017-06-13 06:29:00","updated_at":"2017-11-27 12:15:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/98969","name":"98969","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco AsyncOS Software CVE-2017-6671 Remote Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1038635","name":"1038635","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco Email Security Appliance MIME Header Processing Bug Lets Remote Users Bypass Security Restrictions on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1","name":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Cisco Email Security Appliance Attachment Filter Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-6671","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6671","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"6671","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"email_security_appliance_firmware","cpe6":"10.0.1-087","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"6671","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"email_security_appliance_firmware","cpe6":"9.7.1-066","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"6671","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"email_security_appliance_firmware","cpe6":"10.0.1-087","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"6671","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"email_security_appliance_firmware","cpe6":"9.7.1-066","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2017-6671","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Cisco Email Security Appliance","version":{"version_data":[{"version_value":"Cisco Email Security Appliance"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Attachment Filter Bypass Vulnerability"}]}]},"references":{"reference_data":[{"name":"98969","refsource":"BID","url":"http://www.securityfocus.com/bid/98969"},{"name":"1038635","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1038635"},{"name":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1","refsource":"CONFIRM","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1"}]}},"nvd":{"publishedDate":"2017-06-13 06:29:00","lastModifiedDate":"2017-11-27 12:15:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:email_security_appliance_firmware:10.0.1-087:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:email_security_appliance_firmware:9.7.1-066:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"6671","Ordinal":"103358","Title":"CVE-2017-6671","CVE":"CVE-2017-6671","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"6671","Ordinal":"1","NoteData":"A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"6671","Ordinal":"2","NoteData":"2017-06-13","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"6671","Ordinal":"3","NoteData":"2017-07-07","Type":"Other","Title":"Modified"}]}}}