Detections
Analytics

Cisco AsyncOS for Email Security Appliances MIME Header Processing Filter Bypass (cisco-sa-20161116-esa1 / cisco-sa-20161116-esa2)

medium Nessus Plugin ID 95479

Language:

Synopsis

The remote security appliance is missing a vendor-supplied security patch.

Description

According to its self-reported version, the Cisco AsyncOS running on the remote Cisco Email Security (ESA) appliance is affected by an email filter bypass vulnerability in the email filtering functionality due to improper error handling when processing malformed Multipurpose Internet Mail Extension (MIME) headers that are present in an attachment. An unauthenticated, remote attacker can exploit this vulnerability, via email having a specially crafted MIME-encoded attached file, to bypass the Advanced Malware Protection (AMP) filter configuration. Note that in order to exploit this vulnerability, the AMP feature must be configured to scan incoming email attachments.

Solution

Apply the relevant update referenced in Cisco Security Advisories cisco-sa-20161116-esa1 or cisco-sa-20161116-esa2.

See Also

http://www.nessus.org/u?af6ae40f

http://www.nessus.org/u?84d58db7

Plugin Details

Severity: Medium

ID: 95479

File Name: cisco-sa-20161116-esa.nasl

Version: 1.10

Type: local

Family: CISCO

Published: 12/2/2016

Updated: 3/5/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-6463

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:cisco:email_security_appliance, cpe:/o:cisco:email_security_appliance_firmware

Required KB Items: Host/AsyncOS/Cisco Email Security Appliance/DisplayVersion, Host/AsyncOS/Cisco Email Security Appliance/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 11/16/2016

Vulnerability Publication Date: 11/16/2016

Reference Information

CVE: CVE-2016-6462, CVE-2016-6463

BID: 94360, 94363