A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-08-03T21:16:38.159Z

Updated: 2024-08-02T09:05:35.594Z

Reserved: 2022-10-27T18:47:50.368Z

Link: CVE-2023-20215

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-08-03T22:15:11.513

Modified: 2024-11-21T07:40:54.337

Link: CVE-2023-20215

cve-icon Redhat

No data.