Rewterz Threat Alert – WSHRAT aka Houdini – Active IOCs
January 19, 2023Rewterz Threat Advisory – CVE-2023-20010 – Cisco Unified Communications Manager Vulnerability
January 19, 2023Rewterz Threat Alert – WSHRAT aka Houdini – Active IOCs
January 19, 2023Rewterz Threat Advisory – CVE-2023-20010 – Cisco Unified Communications Manager Vulnerability
January 19, 2023Severity
Medium
Analysis Summary
CVE-2023-20057
Cisco Email Security Appliance could allow a remote attacker to bypass security restrictions, caused by improper processing of URLs. By crafting a URL in a particular way, an attacker could exploit this vulnerability to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-20057
Affected Vendors
Cisco
Affected Products
- Cisco AsyncOS Software for Email Security Appliances (ESA)
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.