CVE-2017-3827

medium Cisco
CVSS v3 Base Score
5.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.4%
Exploitation probability in 30 days
Top 42% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
None
Published: February 22, 2017 (3368 days ago)
Last Modified: May 13, 2026
Vendor: Cisco
Source: NVD

Description

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA. More Information: SCvb91473, CSCvc76500. Known Affected Releases: 10.0.0-203 9.9.9-894 WSA10.0.0-233.

CWE

CWE-20

Affected Products

cisco web security appliancecisco email security appliance firmware

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.securitytracker.com 🔗 tools.cisco.com 🔗 www.securityfocus.com