CVE-2013-3386

2022-10-0316:14:45

CWE-399

[email protected]

web.nvd.nist.gov

cve-2013-3386

ironport

spam quarantine

cisco

email security

denial of service

dos

security appliance

vulnerability

6.8 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

51.8%

JSON

The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.

Affected configurations

NVD

Node

ciscoironport_asyncosRange≤7.1.5

ciscoironport_asyncosMatch7.3

ciscoironport_asyncosMatch7.5

ciscoironport_asyncosMatch7.6

ciscoironport_asyncosMatch7.9

ciscoironport_asyncosMatch8.0

AND

ciscocontent_security_managementMatch-

ciscoemail_security_appliance_firmwareMatch-

CPENameOperatorVersion
cisco:ironport_asyncoscisco ironport asyncosle7.1.5
cisco:ironport_asyncoscisco ironport asyncoseq7.3
cisco:ironport_asyncoscisco ironport asyncoseq7.5
cisco:ironport_asyncoscisco ironport asyncoseq7.6
cisco:ironport_asyncoscisco ironport asyncoseq7.9
cisco:ironport_asyncoscisco ironport asyncoseq8.0

CPE	Name	Operator	Version
cisco:ironport_asyncos	cisco ironport asyncos	le	7.1.5
cisco:ironport_asyncos	cisco ironport asyncos	eq	7.3
cisco:ironport_asyncos	cisco ironport asyncos	eq	7.5
cisco:ironport_asyncos	cisco ironport asyncos	eq	7.6
cisco:ironport_asyncos	cisco ironport asyncos	eq	7.9
cisco:ironport_asyncos	cisco ironport asyncos	eq	8.0