First published: Thu Apr 18 2019
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Email Security Appliance | =11.1.2-023 | |
Cisco Email Security Appliance | =12.0.0-208 | |
CVE-2019-1831 is a vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) that could allow an unauthenticated, remote attacker to bypass configured content filters on the device.
CVE-2019-1831 has a severity rating of 5.3, which is considered medium.
The affected software versions for CVE-2019-1831 are Cisco Email Security Appliance 11.1.2-023 and 12.0.0-208.
The CWE for CVE-2019-1831 is CWE-20.
To fix CVE-2019-1831, users should upgrade to a fixed software version provided by Cisco.