CVE-2017-12218

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) (affected versions not specified)

Description A vulnerability in the malware detection functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. This is due to the failure of Advanced Malware Protection (AMP) to scan certain EML attachments that could contain malware. An attacker could exploit this by sending an email with a crafted EML attachment through the targeted device, potentially bypassing configured email message and content filtering, and allowing malware to be delivered to the end user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.