Vulnerability-Lookup

CNVD-2017-01167

Vulnerability from cnvd - Published: 2017-02-09

Title

Cisco Email Security Appliance for AsyncOS安全绕过漏洞

Description

Cisco AsyncOS Software for Cisco Email Security Appliances（ESA）是美国思科（Cisco）公司的一套使用在电子邮件安全设备（ESA）中的操作系统。 Cisco AsyncOS Software for Cisco ESA中的Multipurpose Internet Mail Extensions (MIME）扫描仪存在安全漏洞。远程攻击者可通过发送带有特制MIME附件的邮件利用该漏洞绕过已配置的用户过滤器。

Severity

中

Patch Name

Cisco Email Security Appliance for AsyncOS安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb65245

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1

Impacted products

Name
['Cisco AsyncOS Software 0', 'Cisco Email Security Appliance 9.7.1-066']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95939"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3818"
    }
  },
  "description": "Cisco AsyncOS Software for Cisco Email Security Appliances\uff08ESA\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f7f\u7528\u5728\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\uff08ESA\uff09\u4e2d\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco AsyncOS Software for Cisco ESA\u4e2d\u7684Multipurpose Internet Mail Extensions (MIME\uff09\u626b\u63cf\u4eea\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5e26\u6709\u7279\u5236MIME\u9644\u4ef6\u7684\u90ae\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5df2\u914d\u7f6e\u7684\u7528\u6237\u8fc7\u6ee4\u5668\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb65245",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01167",
  "openTime": "2017-02-09",
  "patchDescription": "Cisco AsyncOS Software for Cisco Email Security Appliances\uff08ESA\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f7f\u7528\u5728\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\uff08ESA\uff09\u4e2d\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco AsyncOS Software for Cisco ESA\u4e2d\u7684Multipurpose Internet Mail Extensions (MIME\uff09\u626b\u63cf\u4eea\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5e26\u6709\u7279\u5236MIME\u9644\u4ef6\u7684\u90ae\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5df2\u914d\u7f6e\u7684\u7528\u6237\u8fc7\u6ee4\u5668\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Email Security Appliance for AsyncOS\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco AsyncOS Software 0",
      "Cisco Email Security Appliance 9.7.1-066"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-06",
  "title": "Cisco Email Security Appliance for AsyncOS\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2017-3818 (GCVE-0-2017-3818)

Vulnerability from cvelistv5 – Published: 2017-02-03 07:24 – Updated: 2024-08-05 14:39

Summary

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092.

Severity ?

No CVSS data available.

CWE

Filtering Bypass

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95939	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1037773	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco AsyncOS 9.7.1-066	Affected: Cisco AsyncOS 9.7.1-066

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1"
          },
          {
            "name": "95939",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95939"
          },
          {
            "name": "1037773",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037773"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco AsyncOS 9.7.1-066",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco AsyncOS 9.7.1-066"
            }
          ]
        }
      ],
      "datePublic": "2017-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Filtering Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1"
        },
        {
          "name": "95939",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95939"
        },
        {
          "name": "1037773",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037773"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3818",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco AsyncOS 9.7.1-066",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco AsyncOS 9.7.1-066"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Filtering Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1"
            },
            {
              "name": "95939",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95939"
            },
            {
              "name": "1037773",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037773"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3818",
    "datePublished": "2017-02-03T07:24:00",
    "dateReserved": "2016-12-21T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-01167

CVE-2017-3818 (GCVE-0-2017-3818)

Tags

Sightings

Nomenclature