CVSS2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS percentile: 56.2%

A vulnerability in Subject header length processing on Cisco IronPort Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a limited denial of service (DoS) condition on an affected platform.
The vulnerability occurs because the appliance does not limit the length of Subject headers sent through the appliance. An attacker could exploit this vulnerability by sending multiple crafted messages across the appliance, resulting in high CPU utilization. Continued high CPU utilization may cause a DoS condition on the platform.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
If attackers successfully cause a DoS condition on an affected device, processing of incoming email may stop, impacting internal email users.
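
Because the root cause is an unbounded Subject header, one screening check is to measure the header before a message reaches the appliance, for example on an upstream relay or over spooled messages. The following is an added example, not code from Cisco or from this advisory; the `MAX_TOTAL` cap, the function names and the sample messages are assumptions. It counts folded continuation lines as well, since a long Subject split across many short lines passes a per-line limit.

```python
import re

MAX_LINE = 998     # RFC 5322 section 2.1.1 hard limit per line, excluding CRLF
MAX_TOTAL = 2048   # assumed local policy cap on the whole Subject header

def subject_headers(raw: bytes) -> list[list[bytes]]:
    """Return every Subject header as its physical lines, folds included."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]   # header block only
    found, current = [], None
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t") and current is not None:
            current.append(line)                 # folded continuation line
        elif line.lower().startswith(b"subject:"):
            current = [line]
            found.append(current)
        else:
            current = None                       # some other header
    return found

def check_subject(raw: bytes) -> list[str]:
    """Return reason codes for rejecting or quarantining the message."""
    reasons = []
    headers = subject_headers(raw)
    if len(headers) > 1:
        reasons.append("multiple_subject")       # RFC 5322 allows at most one
    for lines in headers:
        if max(len(l) for l in lines) > MAX_LINE:
            reasons.append("line_too_long")
        if sum(len(l) for l in lines) - len(b"subject:") > MAX_TOTAL:
            reasons.append("subject_too_long")
    return reasons

# Constructed sample messages (not captured traffic).
NORMAL = b"From: a@example.com\r\nSubject: Quarterly report\r\n\r\nSubject: in body\r\n"
ONE_LINE = b"Subject: " + b"A" * 5000 + b"\r\n\r\nbody\r\n"
FOLDED = b"Subject: " + b"\r\n ".join([b"B" * 70] * 60) + b"\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for name, msg in (("normal", NORMAL), ("one_line", ONE_LINE), ("folded", FOLDED)):
        print(name, check_subject(msg))
```
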
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ironport_email_security_appliance | any | cpe:2.3:a:cisco:ironport_email_security_appliance:any:*:*:*:*:*:*:* |