CVE-2019-1905

Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (ESA) (affected versions not specified)

Description A vulnerability in the GZIP decompression engine could allow an unauthenticated, remote attacker to bypass configured content filters on the device. This is due to improper validation of GZIP-formatted files. An attacker could exploit this by sending a malicious file inside a crafted GZIP-compressed file, potentially allowing them to bypass content filters that would normally drop the email.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.