NONE✓ PATCH🇵🇱 Wersja polska

CVE-2023-20057

CVSS 0.0v3.1pub. 2023-01-20upd. 2024-11-21

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
  • Cisco Asyncos

    OS
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C160

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C170

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C190

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C370

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C370d

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C380

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C390

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C670

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C680

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C690

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance C690x

    HW
    Cisco
    wszystkie wersje
  • Cisco Email Security Appliance X1070

    HW
    Cisco
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-20393CRITICAL10.0⚠ KEVPL ✓ten sam produkt

RCE z uprawnieniami root w Cisco Secure Email Gateway i Secure Email and Web Manager

CVE-2024-20435HIGH8.8ten sam produkt

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attac...

CVE-2022-20653HIGH7.5ten sam produkt

A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco...

CVE-2021-34741HIGH7.5ten sam produkt

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (...

CVE-2021-34698HIGH8.6ten sam produkt

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an un...