CVE-2019-1844

CVE Database · CVE-2019-1844

CVE-2019-1844

· N/AModified

CVSS v3.1

N/A

EPSS

1.70%

Published

May 3, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected device. An attacker could exploit this vulnerability by sending certain file types without Content-Disposition information to an affected device. A successful exploit could allow an attacker to send messages that contain malicious content to users.

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (1)

cisco · email_security_appliancevulnerable

References (4)

http://www.securityfocus.com/bid/108149

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-esa-bypass

Vendor Advisory

http://www.securityfocus.com/bid/108149

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-esa-bypass

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs