A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Cisco
  • Email Security Appliance C670
  • Email Security Appliance C690
  • Email Security Appliance C380
  • Email Security Appliance C170
  • Asyncos
  • Email Security Appliance C690x
  • Email Security Appliance C190
  • Email Security Appliance C160
  • Email Security Appliance C370d
  • Email Security Appliance C370
  • Email Security Appliance C680
  • Email Security Appliance X1070
  • Email Security Appliance C390

Configuration 1 [-]

AND
cpe:2.3:o:cisco:asyncos:-:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:email_security_appliance_c160:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c170:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c190:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c370:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c370d:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c380:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c390:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c670:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c680:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c690:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c690x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_x1070:-:*:*:*:*:*:*:*
References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-WbMQqNJh Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2023-01-19T01:32:32.802Z

Updated: 2024-01-25T16:57:39.564Z

Reserved: 2022-10-27T18:47:50.320Z

Link: CVE-2023-20057

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-01-20T07:15:17.377

Modified: 2024-01-25T17:15:27.963

Link: CVE-2023-20057

JSON object: View

cve-icon Redhat Information

No data.

CWE