Executive Summary
Summary | |
---|---|
Title | Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20151104-esa2 | First vendor Publication | 2015-11-04 |
Vendor | Cisco | Last vendor Modification | 2015-11-04 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA device to become unavailable due to a denial of service (DoS) condition. The vulnerability is due to improper input validation when an email attachment contains corrupted fields and is filtered by the ESA. An attacker could exploit this vulnerability by sending a crafted email with an attachment to the ESA. A successful exploit could allow the attacker to cause a DoS condition. While the attachment is being filtered, memory is consumed at at high rate until the filtering process restarts. When the process restarts, it will resume processing the same malformed attachment and the DoS condition will continue. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-esa2 BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVjU+vYpI1I6i1Mx3AQI3Lg//UM5v2fIxL1lNXJ+jL4Gt90DoB2nATquF YWyBxvmEzoVEy8v4YlL9TP09lc/jZEVhVTP4GbK8nplCrNP/Ah+NOfXzTF7bt/er ye+WWLIOex8W6+YAalLheIhAosCCGCJLQ4nwsTCSymYqBBI6QOEJYgoLxSwUOvVs zjM+UOA8pLnRiyTHpgWtsj/sLUUZ5IItM9/RrfZ34lMlRXlydJFObGlT5fsUcWxg YWAja2jNqp2mUv0Q6MabOku23SW7tBCIkYF2VYVaZ11Sf0gFMqBeNHnRk0pz56Ok 8lzpZSXjl+wZV8UtTyZksTkrXSUYzu5OmkDHaC3QOlcJmAm1rLIE+F6PSdh0hDuI 1yfivRv8JsKZO18IN86lZLYR7ath76WqWLiQzy6/VSfkfBWBdFRE8dzObN7jzt/V rKHlI30AbA38HqkI+H3DwTLPlGABXN43kk6H+Bg8eUPKuH+7hUZfZL5J7qlM7xIe J5mNiHW2dQz2/2N6fhxjtkfr0bbl6jztLGlXh+Z6iJmAEcxUStTqlm18rHQ3aL34 rGif+IDd0eCHUQtm1eEXiO4v3paKHE0VDko6gSd3fojLQ1HDN3Wf4PovfOYGphRI x4vy5cK3gqK55OkZMuhoRz1F10njVfwA1wdvsw7SSiZ2NHsR8BRa454Fr5DTiM5k LvbY0kRKk88= =gFEa END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-11-18 | Name : The remote security appliance is missing a vendor-supplied security patch. File : cisco-sa-20151104-aos_esa.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-11-19 13:25:08 |
|
2015-11-06 21:27:31 |
|
2015-11-04 21:17:51 |
|