First published: Wed May 01 2019
A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected device. An attacker could exploit this vulnerability by sending certain file types without Content-Disposition information to an affected device. A successful exploit could allow an attacker to send messages that contain malicious content to users.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Email Security Appliance | =11.1.0-131 |
The severity of CVE-2019-1844 is medium, with a severity value of 5.3.
CVE-2019-1844 allows an unauthenticated, remote attacker to bypass the filtering functionality of the Cisco ESA.
The affected version of the Cisco ESA is 11.1.0-131.
An attacker can exploit CVE-2019-1844 by sending certain content to the affected device, bypassing the attachment detection mechanisms.
To fix CVE-2019-1844, Cisco recommends upgrading to a fixed software release.
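For mail pipelines that run their own attachment checks, the failure mode described above (a filter that only treats parts carrying Content-Disposition as attachments) can be checked for as follows. This is an added example, not Cisco's code and not the ESA's actual detection logic; the function names, the `INLINE_TEXT` set and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy

# Constructed sample: the second part carries a file but has no
# Content-Disposition header, only a name= parameter on Content-Type.
SAMPLE = (
    b"From: a@example.com\r\n"
    b"To: b@example.com\r\n"
    b"Subject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n'
    b"\r\n"
    b"--XX\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--XX\r\n"
    b'Content-Type: application/octet-stream; name="report.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAECAwQ=\r\n"
    b"--XX--\r\n"
)

# Assumption: only these types are treated as message body text.
INLINE_TEXT = {"text/plain", "text/html"}

def naive_attachments(msg):
    """Weak check: only parts with an explicit Content-Disposition count."""
    return [p for p in msg.walk()
            if not p.is_multipart() and p.get_content_disposition() is not None]

def robust_attachments(msg):
    """Scan every leaf part unless it is plain body text with no filename."""
    found = []
    for p in msg.walk():
        if p.is_multipart():
            continue
        # get_filename() falls back to the Content-Type name= parameter.
        has_name = p.get_filename() is not None
        is_body = p.get_content_type() in INLINE_TEXT and not has_name
        if p.get_content_disposition() is not None or not is_body:
            found.append(p)
    return found

def scan(raw):
    """Return (types seen by the weak check, parts seen by the robust check)."""
    msg = message_from_bytes(raw, policy=policy.default)
    return ([p.get_content_type() for p in naive_attachments(msg)],
            [(p.get_content_type(), p.get_filename(), p.get_payload(decode=True))
             for p in robust_attachments(msg)])
```

Each part returned by `robust_attachments` should be passed to content scanning based on its decoded bytes rather than on its declared headers.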