Vigil@nce - Cisco Email Security Appliance: filtering bypass via Zip files
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can wrap malicious files into a Zip archive, in order
to bypass the content filter of Cisco Email Security Appliance.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Creation date: 23/06/2016.
DESCRIPTION OF THE VULNERABILITY
The Cisco Email Security Appliance product offers an anti-spam
filter.
The filter must look at attached files, including archive members.
However, the parser of Zip files is wrong, and some specially
crafted Zip files allow to make some archive members invisible to
the filter.
An attacker can therefore wrap malicious files into a Zip archive,
in order to bypass the content filter of Cisco Email Security
Appliance.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN