ID
VAR-201502-0139
CVE
CVE-2015-0605
TITLE
Cisco E Email Security Runs on the appliance AsyncOS of uuencode Vulnerabilities that can bypass content restrictions in inspection engines
Trust: 0.8
sources:
JVNDB: JVNDB-2015-001529
DESCRIPTION
The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. Cisco AsyncOS is Cisco's custom operating system for the performance and security of all messaging applications. Cisco AsyncOS Software is prone to a remote security-bypass vulnerability. This issue is being tracked by Cisco Bug ID CSCzv54343
Trust: 2.52
sources:
NVD: CVE-2015-0605 //
JVNDB: JVNDB-2015-001529 //
CNVD: CNVD-2015-00993 //
BID: 72528 //
VULHUB: VHN-78551
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2015-00993
AFFECTED PRODUCTS
| vendor: | cisco | model: | asyncos | scope: | lte | version: | 8.5 | Trust: 1.8 |
| vendor: | cisco | model: | e email security the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asyncos software | scope: | lte | version: | <=8.5 | Trust: 0.6 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.5 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-00993 //
JVNDB: JVNDB-2015-001529 //
CNNVD: CNNVD-201502-132 //
NVD: CVE-2015-0605
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2015-00993 //
VULHUB: VHN-78551 //
JVNDB: JVNDB-2015-001529 //
CNNVD: CNNVD-201502-132 //
NVD: CVE-2015-0605
PROBLEMTYPE DATA
| problemtype: | CWE-264 | Trust: 1.9 |
sources:
VULHUB: VHN-78551 //
JVNDB: JVNDB-2015-001529 //
NVD: CVE-2015-0605
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201502-132
TYPE
permissions and access control
Trust: 0.6
sources:
CNNVD: CNNVD-201502-132
CONFIGURATIONS
sources:
JVNDB: JVNDB-2015-001529
PATCH
| title: | Cisco AsyncOS Software Uuencoded Email Filtering Bypass Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0605 | Trust: 0.8 |
| title: | 37384 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=37384 | Trust: 0.8 |
| title: | Patch for Cisco AsyncOS Software Remote Security Bypass Vulnerability (CNVD-2015-00993) | url: | https://www.cnvd.org.cn/patchInfo/show/55176 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-00993 //
JVNDB: JVNDB-2015-001529
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-0605 | Trust: 3.4 |
| db: | BID | id: | 72528 | Trust: 2.0 |
| db: | SECUNIA | id: | 62829 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2015-001529 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201502-132 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-00993 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-78551 | Trust: 0.1 |
sources:
CNVD: CNVD-2015-00993 //
VULHUB: VHN-78551 //
BID: 72528 //
JVNDB: JVNDB-2015-001529 //
CNNVD: CNNVD-201502-132 //
NVD: CVE-2015-0605
REFERENCES
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=37384 | Trust: 2.3 |
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0605 | Trust: 1.7 |
| url: | http://www.securityfocus.com/bid/72528 | Trust: 1.1 |
| url: | http://secunia.com/advisories/62829 | Trust: 1.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/100695 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0605 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0605 | Trust: 0.8 |
| url: | http://www.securityfocus.com/bid/72528/ | Trust: 0.6 |
| url: | www.cisco.com | Trust: 0.3 |
sources:
CNVD: CNVD-2015-00993 //
VULHUB: VHN-78551 //
BID: 72528 //
JVNDB: JVNDB-2015-001529 //
CNNVD: CNNVD-201502-132 //
NVD: CVE-2015-0605
CREDITS
Cisco
Trust: 0.3
sources:
BID: 72528
SOURCES
| db: | CNVD | id: | CNVD-2015-00993 |
| db: | VULHUB | id: | VHN-78551 |
| db: | BID | id: | 72528 |
| db: | JVNDB | id: | JVNDB-2015-001529 |
| db: | CNNVD | id: | CNNVD-201502-132 |
| db: | NVD | id: | CVE-2015-0605 |
LAST UPDATE DATE
2024-11-23T22:18:26.497000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-00993 | date: | 2015-02-10T00:00:00 |
| db: | VULHUB | id: | VHN-78551 | date: | 2018-10-30T00:00:00 |
| db: | BID | id: | 72528 | date: | 2015-02-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-001529 | date: | 2015-02-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201502-132 | date: | 2015-02-09T00:00:00 |
| db: | NVD | id: | CVE-2015-0605 | date: | 2024-11-21T02:23:23.853 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-00993 | date: | 2015-02-10T00:00:00 |
| db: | VULHUB | id: | VHN-78551 | date: | 2015-02-07T00:00:00 |
| db: | BID | id: | 72528 | date: | 2015-02-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-001529 | date: | 2015-02-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201502-132 | date: | 2015-02-09T00:00:00 |
| db: | NVD | id: | CVE-2015-0605 | date: | 2015-02-07T04:59:09 |