CVE-2014-3381
First published: Sun Oct 19 2014(Updated: )
The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AsyncOS Software | <=8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3381?
CVE-2014-3381 is considered a high severity vulnerability that allows attackers to bypass malware filtering.
How do I fix CVE-2014-3381?
To mitigate CVE-2014-3381, upgrade Cisco AsyncOS to version 8.6 or later, which addresses this vulnerability.
What systems are affected by CVE-2014-3381?
CVE-2014-3381 affects Cisco Email Security Appliances running AsyncOS version 8.5 and earlier.
Can CVE-2014-3381 lead to remote code execution?
CVE-2014-3381 does not directly lead to remote code execution but allows for malware to bypass filtering mechanisms.
Is there a workaround for CVE-2014-3381?
There are no effective workarounds for CVE-2014-3381; updating to a patched version is recommended.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco asyncos software
- version/cisco asyncos software/8.5