VDB
CVE-2020-26082
CVE-2020-26082
PUBLISHED
CVSS 5.800000190734863 MEDIUM
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
EPSS 0.10% · 26.7th percentile
Risk Scores
CVSS 3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.10%
26.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | asyncos | 0 |
| Cisco | Cisco Secure Email | N/A |
Exploit Intelligence
- cisco-sa-esa-zip-bypass-gbU4gtTg (circl)
Timeline
- Aug 4, 2023 CVE Published
- Aug 5, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 12, 2023 EPSS Score
- Nov 14, 2023 EPSS Score
- Dec 18, 2023 EPSS Score
- Jan 21, 2024 EPSS Score
- Feb 24, 2024 EPSS Score
- Mar 28, 2024 EPSS Score
- May 1, 2024 EPSS Score
- Jun 4, 2024 EPSS Score
- Jul 8, 2024 EPSS Score