漏洞类别:Cisco
漏洞等级: 
漏洞信息
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack.
The vulnerability is due to malformed HTML script tags in quarantined email messages.
漏洞危害
An attacker could exploit this vulnerability by sending a crafted email message to the affected device. An exploit could allow the attacker to trick a user who views the MIQ email message into clicking a malicious link.
解决方案
Refer to Cisco advisory cisco-sa-20161026-esa4 for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论