Cisco Secure Email Gateway Malware Detection Evasion
Cisco Secure Email Gateways, formerly known as Cisco Ironport Email
Security Appliances, that are configured to detect malicious email
attachments can easily be circumvented. A remote attacker can leverage
the error tolerance and differing MIME decoding capabilities of email
clients, compared with the gateway, to evade detection of malicious
payloads by the anti-virus components on the gateway. This exploit was
successfully tested with a zip file containing the Eicar test virus and
Cisco Secure Email Gateways with AsyncOS 14.2.0-620, 14.0.0-698, and
others. An affected email client was Mozilla Thunderbird 91.11.0
(64-bit).
https://packetstormsecurity.com/files/169860/ciscoseg-bypass.txt
Tue, 15 Nov 2022 16:48:49 GMT