CVE-2020-3568

EPSS 0.21%
Published 08.10.2020 05:15:15
Last modified 21.11.2024 05:31:19
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Asyncos Version <= 13.5.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.41

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
psirt@cisco.com	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-zZtugtg3

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3568

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3568

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3568

EUVD