Description
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file.
Problem types
Download of Code Without Integrity Check
Product status
11.8.0-453
12.5.3-002
12.0.3-007
12.0.3-005
14.1.0-032
14.1.0-047
14.1.0-041
12.0.4-002
14.0.2-012
11.8.0-414
12.0.1-268
11.8.1-023
11.8.3-021
11.8.3-018
12.5.1-011
11.8.4-004
12.5.2-007
12.5.2-011
14.5.0-498
12.5.4-005
12.5.4-011
12.0.5-011
14.0.3-014
12.5.5-004
12.5.5-005
12.5.5-008
14.0.4-005
14.5.1-008
14.5.1-016
15.0.0-355
15.0.0-322
12.5.6-008
15.1.0-287
14.5.2-011
15.2.0-116
14.0.5-007
15.2.0-164
14.5.1-510
12.0.2-012
12.0.2-004
14.5.1-607
14.5.3-033
15.0.1-004
15.2.1-011
14.5.0-673
14.5.0-537
12.0.1-334
14.0.1-503
14.0.1-053
11.8.0-429
14.0.1-040
14.0.1-014
12.5.1-043
15.2.2-009
15.5.0-566
15.2.3-007
15.5.0-574
15.5.0-710
15.2.4-022
15.5.1-002
References
sec.cloudapps.cisco.com/...co-sa-wsa-archive-bypass-Scx2e8zF (cisco-sa-wsa-archive-bypass-Scx2e8zF)