Scanning evasion issue in Cisco Secure Email Gateway


Cisco Secure Email Gateway provides anti-virus scanning facility for e-mail attachments.
It was reported that a certain crafted file can evade anti-virus scanning facility.

This issue was found by Takahiro Ohtani and Michael Joshua Telloyan in the Bug Bounty program at the University of Electro-Communications.
They then reported it to IPA, and JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Affected Products

Cisco Systems, Inc.
  • Cisco Secure Email Gateway versions prior to 15.5


Some malicious contents may evade the scanning facility of the affected product and reach victim recipients.

[Update the software]
The developer states version 15.5 that contains a fix for this issue is scheduled to be released at the end of January 2024.
This issue is resolved by updating the file scanning rules with an update.

For more information, refer to the information provided by the developer.
Vendor Information

Cisco Systems, Inc.
CWE (What is CWE?)

CVE (What is CVE?)


  1. JVN : JVN#58574030
Revision History

  • [2023/10/16]
      Web page was published
  • [2023/10/18]
      Solution was modified
      Vendor Information : Content was added
  • [2023/10/27]
      Solution was modified