cnvd - cnvd-2017-11578

CNVD-2017-11578

Vulnerability from cnvd - Published: 2017-06-27

Title

Cisco Email Security Appliance附件过滤器绕过漏洞

Description

Cisco Email Security Appliance是一套电子邮件安全设备。Cisco Content Security Management 是统一的电子邮件和Web安全管理解决方案。 Cisco Email Security Appliance (ESA)设备中Cisco AsyncOS Software存在电子邮件扫描漏洞，此漏洞源于对带有附件及已修改MIME标头的电子邮件未能正确输入验证。未经身份验证的远程攻击者绕过已配置的过滤器。

Severity

中

Patch Name

Cisco Email Security Appliance附件过滤器绕过漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1

Impacted products

Name
['Cisco AsyncOS Software 0', 'Cisco Email Security Appliance 9.7.1-066', 'Cisco Email Security Appliance 10.0.1-087']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98969"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6671",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6671"
    }
  },
  "description": "Cisco Email Security Appliance\u662f\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u3002Cisco Content Security Management \u662f\u7edf\u4e00\u7684\u7535\u5b50\u90ae\u4ef6\u548cWeb\u5b89\u5168\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco Email Security Appliance (ESA)\u8bbe\u5907\u4e2dCisco AsyncOS Software\u5b58\u5728\u7535\u5b50\u90ae\u4ef6\u626b\u63cf\u6f0f\u6d1e\uff0c\u6b64\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u5e26\u6709\u9644\u4ef6\u53ca\u5df2\u4fee\u6539MIME\u6807\u5934\u7684\u7535\u5b50\u90ae\u4ef6\u672a\u80fd\u6b63\u786e\u8f93\u5165\u9a8c\u8bc1\u3002\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u7ed5\u8fc7\u5df2\u914d\u7f6e\u7684\u8fc7\u6ee4\u5668\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-11578",
  "openTime": "2017-06-27",
  "patchDescription": "Cisco Email Security Appliance\u662f\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u3002Cisco Content Security Management \u662f\u7edf\u4e00\u7684\u7535\u5b50\u90ae\u4ef6\u548cWeb\u5b89\u5168\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco Email Security Appliance (ESA)\u8bbe\u5907\u4e2dCisco AsyncOS Software\u5b58\u5728\u7535\u5b50\u90ae\u4ef6\u626b\u63cf\u6f0f\u6d1e\uff0c\u6b64\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u5e26\u6709\u9644\u4ef6\u53ca\u5df2\u4fee\u6539MIME\u6807\u5934\u7684\u7535\u5b50\u90ae\u4ef6\u672a\u80fd\u6b63\u786e\u8f93\u5165\u9a8c\u8bc1\u3002\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u7ed5\u8fc7\u5df2\u914d\u7f6e\u7684\u8fc7\u6ee4\u5668\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Email Security Appliance\u9644\u4ef6\u8fc7\u6ee4\u5668\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco AsyncOS Software 0",
      "Cisco Email Security Appliance 9.7.1-066",
      "Cisco Email Security Appliance 10.0.1-087"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-15",
  "title": "Cisco Email Security Appliance\u9644\u4ef6\u8fc7\u6ee4\u5668\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2017-6671 (GCVE-0-2017-6671)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 15:33

Summary

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015.

Severity ?

No CVSS data available.

CWE

Attachment Filter Bypass Vulnerability

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/98969	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1038635	vdb-entryx_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Email Security Appliance	Affected: Cisco Email Security Appliance

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:33:20.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98969",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98969"
          },
          {
            "name": "1038635",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Email Security Appliance",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Email Security Appliance"
            }
          ]
        }
      ],
      "datePublic": "2017-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Attachment Filter Bypass Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "98969",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98969"
        },
        {
          "name": "1038635",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6671",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Email Security Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Email Security Appliance"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Attachment Filter Bypass Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98969",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98969"
            },
            {
              "name": "1038635",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038635"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6671",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:33:20.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-11578

CVE-2017-6671 (GCVE-0-2017-6671)

Tags

Sightings

Nomenclature