CVE-2015-4184

Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (ESA) versions 3.3.1-09, 7.5.1-gpl-022, 8.5.6-074

Description The issue concerns the anti-spam scanner, which allows remote attackers to bypass intended email restrictions. This is achieved via a malformed DNS SPF record.

Recommendations For version 3.3.1-09, update to a version that includes the fix for Bug ID CSCuu35853. For version 7.5.1-gpl-022, update to a version that includes the fix for Bug ID CSCuu37733. For version 8.5.6-074, update to a version that includes the fix for the mentioned bug IDs. As a temporary workaround, consider restricting access to the anti-spam scanner until a patch is available.