Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3381

The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.

Published

2014-10-19T01:55:13.607

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	asyncos	≤ 8.5	Yes

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3381 Vendor Advisory ([email protected])
http://tools.cisco.com/security/center/viewAlert.x?alertId=36062 Vendor Advisory ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3381 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://tools.cisco.com/security/center/viewAlert.x?alertId=36062 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)