Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Email Security Appliance URL Filtering Bypass Vulnerability
Vulnerability Description
A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and validation checking mechanisms for certain Sender Policy Framework (SPF) messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. If successful, an exploit could allow the attacker to bypass the URL filters that are configured for the affected device, which could allow malicious URLs to pass through the device.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Cisco Email Security Appliance AsyncOS Software 访问控制错误漏洞
Vulnerability Description
Cisco Email Security Appliance(ESA)是美国思科(Cisco)公司的一套电子邮件安全设备。该设备提供垃圾邮件保护、邮件加密、数据丢失防护等功能。AsyncOS Software是一套使用在其中的操作系统。 Cisco ESA的AsyncOS Software中的反垃圾邮件保护机制存在访问控制错误漏洞,该漏洞源于不完整的输入验证检测机制(用于检测Sender Policy Framework消息)。远程攻击者可通过发送自定义的SPF数据包利用该漏洞绕过设备所配置的URL过滤器
CVSS Information
N/A
Vulnerability Type
N/A