High severity7.5NVD Advisory· Published Jun 13, 2017· Updated May 13, 2026

CVE-2017-6671

Description

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015.

Affected products

Cisco Systems, Inc./Email Security Appliance Firmware2 versions
cpe:2.3:a:cisco:email_security_appliance_firmware:9.7.1-066:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cisco:email_security_appliance_firmware:9.7.1-066:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance_firmware:10.0.1-087:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/98969nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038635nvdThird Party AdvisoryVDB Entry
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000