1. Home
  2. CVE Database
  3. CVE-2023-20057
NONE · 0.0

CVE-2023-20057

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters o...

Vulnerability Description

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

CVSS Score

0.0

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CiscoAsyncos-
CiscoEmail Security Appliance C160-
CiscoEmail Security Appliance C170-
CiscoEmail Security Appliance C190-
CiscoEmail Security Appliance C370-
CiscoEmail Security Appliance C370D-
CiscoEmail Security Appliance C380-
CiscoEmail Security Appliance C390-
CiscoEmail Security Appliance C670-
CiscoEmail Security Appliance C680-
CiscoEmail Security Appliance C690-
CiscoEmail Security Appliance C690X-
CiscoEmail Security Appliance X1070-

Related Weaknesses (CWE)

CWE-74CWE-792

References

FAQ

What is CVE-2023-20057?

CVE-2023-20057 is a vulnerability with a CVSS score of 0.0 (NONE). A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters o...

How severe is CVE-2023-20057?

CVE-2023-20057 has been rated NONE with a CVSS base score of 0.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20057?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Asyncos, Cisco Email Security Appliance C160, Cisco Email Security Appliance C170, Cisco Email Security Appliance C190, Cisco Email Security Appliance C370.