PT-2020-3888 · Cisco · Cisco Content Security Management Appliance+1

Published: 2020-07-15 · Updated: 2021-08-06 · CVE-2020-3370

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Content Security Management Appliance (SMA) (affected versions not specified); Cisco Email Security Appliance (affected versions not specified)
Description: The issue is related to insufficient input validation in the URL filtering mechanism, allowing an unauthenticated, remote attacker to bypass URL filtering by sending a crafted, malicious HTTP request. A successful exploit could enable the attacker to redirect users to malicious sites.
Recommendations: For Cisco Content Security Management Appliance (SMA), update the URL filtering mechanism to properly validate input data. For Cisco Email Security Appliance, ensure that the URL filtering mechanism is configured to correctly handle and validate HTTP requests to prevent bypassing. As a temporary workaround, consider restricting access to sensitive areas of the network until a proper fix is applied.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-04281
CVE-2020-3370

Affected Products

Cisco Content Security Management Appliance
Cisco Email Security Appliance