PT-2019-3142 · Cisco · Cisco Email Security Appliance
Marcel Maeder
·
Published
2019-08-07
·
Updated
2023-03-29
·
CVE-2019-1955
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Email Security Appliance (ESA) (affected versions not specified)
Description
The issue is related to the Sender Policy Framework (SPF) component of the Cisco Email Security Appliance (ESA), which has a vulnerability due to insufficient input validation. This could allow a remote attacker to bypass configured content filters, potentially compromising the integrity of protected information. An attacker can exploit this by sending a customized SPF packet to an affected device, allowing malicious content to pass through the device.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Email Security Appliance