PT-2017-16118 · Cisco · Cisco Asyncos

Published: 2017-02-03 · Updated: 2017-07-25 · CVE-2017-3818

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco AsyncOS Software for Cisco Email Security Appliances versions prior to 9.8.0-092

Description

An issue in the Multipurpose Internet Mail Extensions (MIME) scanner could allow an unauthenticated, remote attacker to bypass configured user filters on the device. This is possible when the software is configured to apply a message filter or content filter to incoming email attachments.

Recommendations

For versions prior to 9.8.0-092, update to version 9.8.0-092 or later to resolve the issue. As a temporary workaround, consider disabling the MIME scanner until a patch is available. Restrict access to email attachments to minimize the risk of exploitation. Avoid using message filters or content filters on incoming email attachments until the issue is resolved.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2017-3818

Affected Products

Cisco Asyncos