Cisco Email Security Appliance Malformed DMARC Policy Records File Modification Vulnerability

ID CISCO-SA-20150715-CVE-2015-4278
Type cisco
Reporter Cisco
Modified 2015-07-15T21:02:22


A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to generate malformed Domain-Based Message Authentication, Reporting, and Conformance (DMARC) policy records to the targeted system.

The vulnerability occurs because the affected ESA is not able to receive email messages from domains with malformed DMARC policy records. An attacker could exploit this vulnerability by enabling DMARC or modifying system contents. A successful exploit could result in a denial of service (DoS) condition.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit this vulnerability, an attacker must enable DMARC or modify other system contents on the targeted device. In a typical network environment, the targeted device may be located on trusted, internal networks behind firewall restrictions, making exploitation more difficult from attackers on untrusted networks.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.