CVE-2019-1933

Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (ESA) versions (affected versions not specified)

Description The issue arises from insufficient input validation in the email message scanning function of Cisco Email Security Appliance (ESA), allowing a remote attacker to inject arbitrary scripting code into an email message. This can be achieved by sending a crafted email to a recipient protected by the ESA. The malicious code is not executed by default unless the recipient's email client is configured to execute scripts contained in emails. The vulnerability can be exploited to bypass configured filters on the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.