#VU25479 Input validation error in Cisco AsyncOS for Cisco Email Security Appliance - CVE-2019-12706

Cybersecurity Help s.r.o.

Published: 2020-02-20

Vulnerability identifier: #VU25479

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-12706

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco AsyncOS for Cisco Email Security Appliance
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass the configured user filters on an affected device.

The vulnerability exists within the Sender Policy Framework (SPF) functionality due to the affected software insufficiently validates certain incoming SPF messages. A remote attacker can send a custom SPF packet to an affected device and bypass the configured header filters, which could allow malicious content to pass through the device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco AsyncOS for Cisco Email Security Appliance: before 12.5.1

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-esa-bypass

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Filter Bypass in Cisco AsyncOS for Cisco Email Security Appliance