Cisco Email Security Appliance ZIP File Filter Bypass

medium Nessus Plugin ID 78737

Synopsis

The remote appliance is affected by a security bypass vulnerability.

Description

According to its self-reported version, the Cisco AsyncOS running on the remote Cisco Email Security (ESA) appliance is affected by a security bypass vulnerability in which the ZIP inspection engine of AsyncOS does not properly analyze files, thus allowing a remote, unauthenticated attacker to deliver malicious content by using a specially crafted ZIP file.

Solution

Contact the vendor regarding a fix for Cisco bug ID CSCup07934.

See Also

https://tools.cisco.com/security/center/viewAlert.x?alertId=36062

http://www.nessus.org/u?cfca5e00

Plugin Details

Severity: Medium

ID: 78737

File Name: cisco-sn-CVE-2014-3381-esa.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 10/30/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:cisco:email_security_appliance, cpe:/o:cisco:email_security_appliance_firmware

Required KB Items: Host/AsyncOS/Cisco Email Security Appliance/DisplayVersion, Host/AsyncOS/Cisco Email Security Appliance/Version

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/13/2014

Reference Information

CVE: CVE-2014-3381

BID: 70414

CISCO-BUG-ID: CSCup07934