CVE-2017-3827

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to the first fixed release

Description A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner could allow an unauthenticated, remote attacker to bypass configured user filters on the device. This issue affects all releases of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA.

Recommendations For versions prior to the first fixed release, update to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA to resolve the issue. As a temporary workaround, consider restricting the use of message or content filters to minimize the risk of exploitation.