CVE-2014-3381
Description
The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.16
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco AsyncOS Software ZIP Filtering Bypass Vulnerability For Cisco IronPort Email Security Appliance Software | NCM |
| CVE-2014-3381 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706003 | Security Update for Cisco IronPort Email Security Appliance Software 9.7.2-131 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234