Flaws in Cisco Secure Email Gateway
Cisco Systems Inc. has issued a bug report alerting the public to a flaw in the Sophos and McAfee scanning engines of the Cisco Secure Email Gateway. This vulnerability might be exploited by an unauthenticated, remote attacker to bypass specific filtering features.
According to the report, “The issue is due to improper identification of potentially malicious emails or attachments. An attacker could exploit this issue by sending a malicious email with malformed Content-Type headers (MIME Type) through an affected device. An exploit could allow the attacker to bypass default anti-malware filtering features based on the affected scanning engines and successfully deliver malicious messages to the end clients.”
Every device running with a default configuration is affected by the vulnerability. An unnamed security researcher publicly reported multiple low-complexity attack methods for getting past some of the Cisco Secure Email Gateway appliance's filters. The attack techniques the researcher revealed may make it possible to bypass Cisco Secure Email Gateway in Outlook, Thunderbird, Mutt, and Vivaldi.
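The report attributes the bypass to malformed Content-Type headers, but this page does not describe the specific malformations. As a defender-side illustration, the following added example (not code from Cisco or the researcher) flags Content-Type headers that deviate from the RFC 2045 grammar; the checks chosen and the sample messages are constructed assumptions, not the reported techniques.

```python
import re
from email import message_from_string
from email.policy import compat32

# RFC 2045 grammar: type "/" subtype *(";" attribute "=" (token / quoted-string))
TOKEN = r"[!#$%&'*+\-.^_`{|}~0-9A-Za-z]+"
PARAM = r"\s*;\s*" + TOKEN + r'=(?:' + TOKEN + r'|"(?:[^"\\\r\n]|\\.)*")'
# A trailing ";" is tolerated because many legitimate senders emit it.
CONTENT_TYPE_RE = re.compile(
    r"^\s*(?P<type>" + TOKEN + ")/" + TOKEN + "(?P<params>(?:" + PARAM + r")*)\s*;?\s*$")

def content_type_findings(raw_message):
    """Return a list of Content-Type conformance problems across all MIME parts."""
    # compat32 keeps header values exactly as received, with no silent repair.
    msg = message_from_string(raw_message, policy=compat32)
    findings = []
    for part in msg.walk():
        values = part.get_all("Content-Type", [])
        if len(values) > 1:
            findings.append("duplicate Content-Type header")
        for value in values:
            unfolded = re.sub(r"\r?\n(?=[ \t])", "", str(value))  # undo header folding
            match = CONTENT_TYPE_RE.match(unfolded)
            if match is None:
                findings.append(f"not RFC 2045 syntax: {unfolded!r}")
            elif (match["type"].lower() == "multipart"
                  and not re.search(r";\s*boundary=", match["params"], re.I)):
                findings.append("multipart without boundary parameter")
    return findings

# Constructed sample messages (not taken from the advisory or the researcher's report).
HEAD = "From: a@example.com\nTo: b@example.com\nSubject: report\nMIME-Version: 1.0\n"
CLEAN = (HEAD + 'Content-Type: multipart/mixed;\n boundary="b1"\n\n'
         "--b1\nContent-Type: text/plain; charset=utf-8\n\nhello\n"
         '--b1\nContent-Type: application/pdf; name="r.pdf"\n\n%PDF\n--b1--\n')
DUPLICATE = HEAD + "Content-Type: text/plain\nContent-Type: application/octet-stream\n\nbody\n"
NO_SUBTYPE = HEAD + "Content-Type: text\n\nbody\n"
NO_BOUNDARY = HEAD + "Content-Type: multipart/mixed\n\nbody\n"

if __name__ == "__main__":
    for name in ("CLEAN", "DUPLICATE", "NO_SUBTYPE", "NO_BOUNDARY"):
        print(name, content_type_findings(globals()[name]))
```

A check like this can run over quarantined or journaled mail to surface messages whose MIME typing a scanning engine and a mail client might interpret differently.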
Recommendation
System administrators are advised to identify susceptible assets and deploy vendor-provided security patches as quickly as possible.
Sources
https://securityaffairs.co/wordpress/138859/security/cisco-secure-email-gateways-bypass.html