SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Web Security Appliance Vendors:   Cisco
Cisco Web Security Appliance File Hashing Error Lets Remote Users Bypass Advanced Malware Protection on the Target System
SecurityTracker Alert ID:  1039828
SecurityTracker URL:  http://securitytracker.com/id/1039828
CVE Reference:   CVE-2017-12303   (Links to External Site)
Date:  Nov 16 2017
Impact:   Host/resource access via network
Vendor Confirmed:  Yes  
Version(s): 10.1.1-234; 10.1.1-235
Description:   A vulnerability was reported in Cisco Web Security Appliance. A remote user can bypass security controls on the target system.

A remote user can send a specially crafted email file attachment through the target device to trigger a hashing error and bypass the Advanced Malware Protection (AMP) file filtering feature on the target system.

Zipped and archived file types are affected.

The vendor has assigned bug ID CSCvf52943 to this vulnerability.

Impact:   A remote user can bypass the AMP file filtering feature on the target system.
Solution:   No solution was available at the time of this entry.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC