Guest

Preview Tool

Cisco Bug: CSCzv54343 - Uuencode emails are generating scanning error.

Last Modified

Mar 19, 2019

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.5.1-028 8.0.0-000 8.5.6-092

Description (partial)

Symptom:
A vulnerability in the Uuencode inspection engine of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated,
remote attacker to bypass the engine protection and deliver a malicious files as an email attachment.
The ESA will log 'Scanning Error' in the mail_logs after allowing the email to traverse it.

Conditions:
ESA configured to inspect attachments, eg: to discard executable files.

Related Community Discussions

ED Availability of AsyncOS 9.1.0-032 for ESA
Cisco is pleased to announce a new major release of AsyncOS 9.1.0 for Email.  This release applies to all our Email Security Appliances (C-Series, X-Series, and virtual appliances) with 8GB of RAM, and the C170 appliance.   Please note that the following hardware is  NOT  supported for this release: C160, C360, C660, and X1060    New Enhancements in AsyncOS 9.1.0 for Email File Analysis quarantine improvements:  Messages can now be automatically released or deleted from the centralized File Analysis ...
Latest activity: Apr 30, 2015
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.