Cisco PIX Firewall Mailguard Feature SMTP Content Filter Bypass

high Nessus Plugin ID 10520

Synopsis

The remote service is vulnerable to an access control breach.

Description

The remote SMTP server seems to be protected by a content-filtering firewall, probably Cisco's PIX.

However, an attacker may bypass this content filtering by issuing a DATA command before a MAIL command, which allows the attacker to communicate directly with the real SMTP daemon.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCdr91002 and CSCds30699.

See Also

https://seclists.org/bugtraq/2000/Sep/376

http://www.nessus.org/u?236b35d2

Plugin Details

Severity: High

ID: 10520

File Name: smtp_bypass_cisco.nasl

Version: 1.28

Type: remote

Family: Firewalls

Published: 10/4/2000

Updated: 5/24/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2000-1022

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

Excluded KB Items: SMTP/wrapped, SMTP/qmail, SMTP/postfix

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/19/2000

Reference Information

CVE: CVE-2000-1022

BID: 1698