Rapid7 Vulnerability & Exploit Database

Cisco PIX Firewall SMTP Content Filtering Evasion Vulnerability

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 12/11/2000
Created: 07/25/2018
Added: 11/01/2004
Modified: 02/17/2021

Description

The Cisco PIX Firewall inspects the contents of packets passing through it to perform application-level filtering. For SMTP, it can be configured so that only certain SMTP commands are allowed through, for example dropping extra functionality such as HELP, or commands that could be a security concern, such as EXPN or VRFY.

During communication with the Cisco PIX SMTP proxy server, if the "DATA" command is sent before the commands that must precede it, such as "RCPT TO", the proxy returns error 503, saying that RCPT is required. After this, the proxy incorrectly lets all commands through until it receives the end-of-message indicator. It is then possible for the attacker to issue commands directly to the mail server behind the firewall.
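The state-tracking error described above can be captured as a regression check for any SMTP command filter. The following is an added example, not Cisco's or Rapid7's code: a minimal model in which the filter enters unfiltered "message body" mode either only when DATA is accepted (correct) or whenever DATA is seen (the flaw). The allow-list, function name, and sample session are assumptions constructed for illustration.

```python
# Added illustration: a minimal model of an SMTP command filter's state machine.
# ALLOWED is an assumed allow-list (the RFC 821 minimum command set).
ALLOWED = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

def filter_session(client_lines, flawed):
    """Return (line, verdict) pairs; verdict is 'pass', 'drop' or 'unfiltered'."""
    have_rcpt = False      # a RCPT TO has been seen in this transaction
    in_data = False        # filter believes it is relaying a message body
    verdicts = []
    for line in client_lines:
        if in_data:
            # Body lines are relayed without inspection until the terminator.
            verdicts.append((line, "unfiltered"))
            if line == ".":
                in_data, have_rcpt = False, False
            continue
        verb = line.split(" ", 1)[0].upper() if line else ""
        if verb not in ALLOWED:
            verdicts.append((line, "drop"))
            continue
        verdicts.append((line, "pass"))
        if verb == "RCPT":
            have_rcpt = True
        elif verb == "RSET":
            have_rcpt = False
        elif verb == "DATA":
            # Correct rule: enter data mode only when DATA is accepted (354).
            # Flawed rule: enter data mode even though DATA drew a 503.
            in_data = have_rcpt or flawed
    return verdicts

# Constructed session: DATA arrives before any RCPT TO, so it is rejected.
SESSION = ["HELO client.example", "MAIL FROM:<a@client.example>", "DATA",
           "VRFY postmaster", "EXPN staff", ".", "HELP"]

if __name__ == "__main__":
    for flawed in (True, False):
        print("flawed filter" if flawed else "correct filter")
        for line, verdict in filter_session(SESSION, flawed):
            print(f"  {verdict:10} {line}")
```

With the correct rule, every filtered command after the rejected DATA is still dropped; with the flawed rule, the same lines are relayed as if they were message content.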

Solution(s)

  • smtp-ciscopix-0001
