Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass Vulnerability
Summary
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end us…
- Scope: At the time of publication, this vulnerability affected Cisco Secure Web Appliance, both virtual and hardware versions, regardless of device configuration.
- Release 15.2 and earlier (first fixed: 15.2.5-013)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 15.2.5-013
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 15.2 and earlier: upgrade to 15.2.5-013.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.