Wednesday, December 7, 2016

Cisco Email Security Appliance and Web Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.

The vulnerability is due to improper filtering of certain TAR format files that are attached to email messages. An attacker could exploit this vulnerability by sending an email message that has a crafted TAR file attachment through an affected device. A successful exploit could allow the attacker to bypass user filters that are configured for the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2hgX0jJ
Security Impact Rating: Medium
CVE: CVE-2016-6465

from Cisco Security Advisory http://ift.tt/2hgX0jJ
