Medium severity5.8NVD Advisory· Published Feb 3, 2017· Updated May 13, 2026

CVE-2017-3818

Description

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092.

Affected products

Cisco Systems, Inc./Email Security Appliance Firmware
cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.1-066:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/95939nvdThird Party AdvisoryVDB Entry
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1nvdVendor Advisory
www.securitytracker.com/id/1037773nvd

News mentions

No linked articles in our index yet.

cvss	0.377
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000