ID

VAR-202009-1110


CVE

CVE-2020-3133


TITLE

Input validation vulnerability in AsyncOS software for Cisco Email Security Appliance

Trust: 0.8

sources: JVNDB: JVNDB-2020-011572

DESCRIPTION

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass the configured content filters, which could allow malicious content to pass through the device. AsyncOS Software is the operating system that runs on the appliance. The vulnerability stems from the network system or product failing to correctly validate input data. No detailed vulnerability information is currently available.

Trust: 2.25

sources: NVD: CVE-2020-3133 // JVNDB: JVNDB-2020-011572 // CNVD: CNVD-2020-32910 // VULHUB: VHN-181258

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-32910

AFFECTED PRODUCTS

vendor: cisco
model: email security appliance
scope: lt
version: 13.0

Trust: 1.6

vendor: Cisco Systems
model: Cisco Email Security Appliance
scope: eq
version: -

Trust: 0.8

vendor: Cisco Systems
model: Cisco Email Security Appliance
scope: eq
version: cisco e email security appliance

Trust: 0.8

sources: CNVD: CNVD-2020-32910 // JVNDB: JVNDB-2020-011572 // NVD: CVE-2020-3133

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3133
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3133
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3133
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-32910
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-1389
value: HIGH

Trust: 0.6

VULHUB: VHN-181258
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3133
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-32910
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181258
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3133
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3133
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2020-3133
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-32910 // VULHUB: VHN-181258 // JVNDB: JVNDB-2020-011572 // CNNVD: CNNVD-202001-1389 // NVD: CVE-2020-3133 // NVD: CVE-2020-3133

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype: Improper input validation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181258 // JVNDB: JVNDB-2020-011572 // NVD: CVE-2020-3133

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1389

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-1389

PATCH

title: cisco-sa-esa-bypass-5Cdv2HMA
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-bypass-5Cdv2HMA

Trust: 0.8

title: Patch for Cisco Email Security Appliance AsyncOS Software Input Verification Error Vulnerability (CNVD-2020-32910)
url: https://www.cnvd.org.cn/patchInfo/show/221577

Trust: 0.6

title: Fix for Cisco Email Security Appliance AsyncOS Software input validation error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107732

Trust: 0.6

sources: CNVD: CNVD-2020-32910 // JVNDB: JVNDB-2020-011572 // CNNVD: CNNVD-202001-1389

EXTERNAL IDS

db: NVD
id: CVE-2020-3133

Trust: 3.1

db: AUSCERT
id: ESB-2020.0235

Trust: 1.2

db: JVNDB
id: JVNDB-2020-011572

Trust: 0.8

db: CNNVD
id: CNNVD-202001-1389

Trust: 0.7

db: CNVD
id: CNVD-2020-32910

Trust: 0.6

db: VULHUB
id: VHN-181258

Trust: 0.1

sources: CNVD: CNVD-2020-32910 // VULHUB: VHN-181258 // JVNDB: JVNDB-2020-011572 // CNNVD: CNNVD-202001-1389 // NVD: CVE-2020-3133

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-bypass-5cdv2hma

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3133

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.0235/

Trust: 1.2

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-dos-87mbkc8n

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-email-sec-xss-ebjxuxwp

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-esa-privilege-escalation-via-content-filter-bypass-31410

Trust: 0.6

sources: CNVD: CNVD-2020-32910 // VULHUB: VHN-181258 // JVNDB: JVNDB-2020-011572 // CNNVD: CNNVD-202001-1389 // NVD: CVE-2020-3133

SOURCES

db: CNVD, id: CNVD-2020-32910
db: VULHUB, id: VHN-181258
db: JVNDB, id: JVNDB-2020-011572
db: CNNVD, id: CNNVD-202001-1389
db: NVD, id: CVE-2020-3133

LAST UPDATE DATE

2024-11-23T21:35:18.941000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-32910, date: 2020-06-15T00:00:00
db: VULHUB, id: VHN-181258, date: 2021-08-12T00:00:00
db: JVNDB, id: JVNDB-2020-011572, date: 2021-04-06T09:06:00
db: CNNVD, id: CNNVD-202001-1389, date: 2020-09-30T00:00:00
db: NVD, id: CVE-2020-3133, date: 2024-11-21T05:30:23.663

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-32910, date: 2020-06-15T00:00:00
db: VULHUB, id: VHN-181258, date: 2020-09-23T00:00:00
db: JVNDB, id: JVNDB-2020-011572, date: 2021-04-06T00:00:00
db: CNNVD, id: CNNVD-202001-1389, date: 2020-01-22T00:00:00
db: NVD, id: CVE-2020-3133, date: 2020-09-23T01:15:15.160