Adding Cisco CVE-2019-1933

2025-06-08 14:08:13 +00:00 · 2019-07-06 01:29:33 +00:00 · 2019-07-06 01:29:33 +00:00 · 18b8cb15a5
commit 18b8cb15a5
parent ecee413e98
1 changed files with 73 additions and 4 deletions
--- a/2019/1xxx/CVE-2019-1933.json
+++ b/2019/1xxx/CVE-2019-1933.json
@ -1,8 +1,34 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2019-07-03T16:00:00-0700",
        "ID": "CVE-2019-1933",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Email Security Appliance Content Filter Bypass Vulnerability"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Email Security Appliance (ESA) ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "affected": "=",
+                                            "version_value": "11.1.2-023"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +37,51 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass configured message filters and inject arbitrary scripting code inside the email body. The malicious code is not executed by default unless the recipient's email client is configured to execute scripts contained in emails. "
            }
        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "5.8",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-20"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20190703 Cisco Email Security Appliance Content Filter Bypass Vulnerability",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-esa-filterpass"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-20190703-esa-filterpass",
+        "defect": [
+            [
+                "CSCvo55451"
+            ]
+        ],
+        "discovery": "INTERNAL"
    }
-}
+}