漏洞类别:Cisco
漏洞等级: 
漏洞信息
A vulnerability in the email filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed.
The vulnerability is due to improper error handling when malformed MIME headers are present in the email attachment.
漏洞危害
An attacker could exploit this vulnerability by sending an email with a crafted attachment encoded with MIME. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering or WSA service scanning content for web access.
解决方案
Refer to Cisco advisory cisco-sa-20161026-esawsa2 for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论