Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20190109-ESA-DOS
HistoryJan 09, 2019 - 4:00 p.m.

Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability

2019-01-0916:00:00
tools.cisco.com
94

0.003 Low

EPSS

Percentile

67.6%

JSON

A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device.

The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos”]

Related

cvelist 1
cve 1
prion 1
nessus 1
threatpost 1
cvelist
cvelist
CVE-2018-15453 Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability
2019-01-09 00:00:00
cve
cve
CVE-2018-15453
2019-01-10 18:29:00
prion
prion
Design/Logic Flaw
2019-01-10 18:29:00
nessus
nessus
Cisco Email Security Appliance Multiple DoS Vulnerabilities (cisco-sa-20190109-esa-dos / cisco-sa-20190109-esa-url-dos)
2019-01-18 00:00:00
threatpost
threatpost
Critical Flaw in Cisco's Email Security Appliance Enables 'Permanent DoS'
2019-01-09 22:33:42

0.003 Low

EPSS

Percentile

67.6%

JSON
Related for CISCO-SA-20190109-ESA-DOS
cvelist1cve1prion1nessus1threatpost1