What is CVE-2023-20057?

CVE-2023-20057 is a vulnerability in Cisco Email Security Appliance (Esa), classified under CWE-792. Published 2023-01-19.

Is CVE-2023-20057 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cisco Email Security Appliance (Esa)

CVE-2023-20057

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerabi…

EPSS: 0.010 (77.0th percentile) — read the EPSS interpretation.

Affected products

Cisco Email Security Appliance (Esa) — versions 10.0.1-087

Weakness classification (CWE)

CWE-792

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2023-20057

References

cisco-sa-esa-url-bypass-WbMQqNJh

Frequently asked questions

What is CVE-2023-20057?: CVE-2023-20057 is a vulnerability in Cisco Email Security Appliance (Esa), classified under CWE-792. Published 2023-01-19.
Is CVE-2023-20057 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.