CVE-2023-20057
First published: Thu Jan 19 2023(Updated: )
A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Cisco AsyncOS Software | ||
| Any of | ||
| Cisco AsyncOS Software for Cisco Email Security Appliances | ||
| Cisco AsyncOS Software for Cisco Email Security Appliances | ||
| Cisco Email Security Appliance | ||
| Cisco Email Security Appliance | ||
| Cisco Email Security Appliance | ||
| Cisco AsyncOS Software for Cisco Email Security Appliances | ||
| Cisco Email Security Appliance | ||
| Cisco Email Security Appliance | ||
| Cisco Email Security Appliance C680 | ||
| Cisco Email Security Appliance C690 | ||
| Cisco Email Security Appliance | ||
| Cisco Email Security Appliance | ||
| Cisco AsyncOS Software | ||
| Cisco AsyncOS Software for Cisco Email Security Appliances | ||
| Cisco AsyncOS Software for Cisco Email Security Appliances | ||
| Cisco Email Security Appliance | ||
| Cisco Email Security Appliance | ||
| Cisco Email Security Appliance | ||
| Cisco AsyncOS Software for Cisco Email Security Appliances | ||
| Cisco Email Security Appliance | ||
| Cisco Email Security Appliance | ||
| Cisco Email Security Appliance C680 | ||
| Cisco Email Security Appliance C690 | ||
| Cisco Email Security Appliance | ||
| Cisco Email Security Appliance |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability CVE-2023-20057?
The vulnerability CVE-2023-20057 is a URL filtering bypass vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA).
How severe is the vulnerability CVE-2023-20057?
The severity of the vulnerability CVE-2023-20057 is medium, with a severity value of 5.3.
Which software is affected by the vulnerability CVE-2023-20057?
The Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) is affected by the vulnerability CVE-2023-20057.
How can an attacker exploit the vulnerability CVE-2023-20057?
An attacker can exploit the vulnerability CVE-2023-20057 by bypassing the URL reputation filters on an affected device.
Is there a fix available for the vulnerability CVE-2023-20057?
Yes, Cisco has released a security advisory with fixes for the vulnerability CVE-2023-20057. Please refer to the Cisco Security Advisory for more information.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco asyncos software
- canonical/cisco asyncos software for cisco email security appliances
- canonical/cisco email security appliance
- canonical/cisco email security appliance c680
- canonical/cisco email security appliance c690