N/A

A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user. Vulnerable Products: This vulnerability affects Cisco AsyncOS Software for Cisco ESA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA. Cisco Bug IDs: CSCuz81533.

N/A

输入验证不恰当

Cisco Email Security Appliances Advanced Malware Protection 安全漏洞

Cisco Email Security Appliances(ESAs)是美国思科（Cisco）公司的一个电子邮件安全设备。AsyncOS Software是使用在其中的操作系统。Advanced Malware Protection(AMP)是其中的一个高级恶意软件防护组件。 Cisco ESAs中的AsyncOS Software的AMP的恶意软件检测功能存在安全漏洞，该漏洞源于程序没有没有扫描带有恶意软件的EML附件。远程攻击者可借助特制的EML附件利用该漏洞将恶意软件发送至终端用户。

N/A

N/A