Proofpoint Enterprise Protection Attachment Scanning Bypass Vulnerability

PPS Attachment Scanning Bypass Issue, CVE-2019-19680

Advisory ID: PFPT-SA-2020-0001

Proofpoint Enterprise Protection (PPS / PoD) contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file blocking rules. The vulnerability exists because messages with certain specially crafted or malformed MIME structures are not properly handled. A successful attack may result in the attachments being delivered to end users, but end users would need to open the attachments in order to be impacted. Further, this vulnerability only bypasses file-based checks on attachments; other controls within Proofpoint Enterprise Protection and Targeted Attack Protection, such as spam and impostor filtering, Proofpoint Dynamic Reputation, URL rewriting and click-time protection, etc. are unaffected.

Patch Information

This vulnerability is identified by CVE-2019-19680. Proofpoint has released patches to address this issue.

This vulnerability has been assigned a CVSS score of 8.9:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

Affected Versions

Product Update Profile Affected Versions
Latest Unpatched PPS v8.14.2 and prior
Long Term Support (LTS) Unpatched PPS v8.9.22 and prior

Proofpoint customers can view the applicable patch details for their deployment in the Proofpoint Community.

Proofpoint on Demand Customers

No action is required. Applicable patches have already been deployed by Proofpoint.

Proofpoint on-premise Customers

No action is required for Enterprise Protection (PPS) Hardware and Virtual Appliance customers, running supported versions that are configured to deploy patches automatically. Applicable patches have been automatically deployed.

For on-premise environments that are configured to manually apply patches, follow these steps:

  • Log in to Admin Console.
  • Click Check for Updates on the System > Licenses and Updates > General page. Select the patch number.
  • Click Download to download the patch.
  • Select the checkbox next to the modules or software patches you want to deploy.
  • Click Apply Update(s) to deploy the latest module updates or software patches.
  • Click OK to return to the System > Licenses and Updates > General page.

No mail flow will be interrupted while updates are applied.

For any questions or concerns, please contact Proofpoint Support. Further updates will be posted as needed.

Questions or comments?

Open a Support call or contact Support via your hotline phone number. Further updates will be posted as needed.