Rewterz Threat Advisory – CVE-2019-1955 – Cisco Email Security Appliance Header Injection Vulnerability

September 27, 2019

Severity

Medium

Analysis Summary

The vulnerability is due to incomplete input and validation checking mechanisms for certain SPF messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. A successful exploit could allow the attacker to bypass the header filters that are configured for the affected device, which could allow malicious content to pass through the device.

Impact

Security bypass

Affected Vendors

Cisco

Affected Products

Cisco AsyncOS Software prior than 4.0MR1

Remediation

Please see vendor’s advisory for more details.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-esm-inject

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SonicWall Flags Active Exploitation of Critical Security Flaws

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Cactus Ransomware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2019-1901 – Cisco Nexus 9000 Series Buffer Overflow Vulnerability

Rewterz Threat Alert – Divergent: Fileless Malware Using NodeJS

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.