Cyber Resilience

CVE-2023-20057

Low

Published: 20 January 2023

Published
20 January 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
EPSS Score 0.0097 77.0th percentile
Risk Priority 1 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-20057 is a uncategorised-severity Incomplete Filtering of One or More Instances of Special Elements (CWE-792) vulnerability in Cisco Asyncos. Its CVSS base score is 0.0.

Operationally, ranked in the top 23.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing…

more

of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
asyncos
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-74

Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.

addresses: CWE-74

Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.

References