CVE-2015-4236

2015-07-1019:59:00

CWE-399

[email protected]

web.nvd.nist.gov

cisco

asyncos

email security

esa

cve-2015-4236

denial of service

nvd

vulnerability

clustering

ssh

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.9%

JSON

Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636.

Affected configurations

NVD

Node

ciscoemail_security_applianceMatch8.5.6-074

ciscoemail_security_appliance_firmwareMatch8.5.6-073

ciscoemail_security_appliance_firmwareMatch9.0.0-461

CPENameOperatorVersion
cisco:email_security_appliancecisco email security applianceeq8.5.6-074
cisco:email_security_appliance_firmwarecisco email security appliance firmwareeq8.5.6-073
cisco:email_security_appliance_firmwarecisco email security appliance firmwareeq9.0.0-461

CPE	Name	Operator	Version
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-074
cisco:email_security_appliance_firmware	cisco email security appliance firmware	eq	8.5.6-073
cisco:email_security_appliance_firmware	cisco email security appliance firmware	eq	9.0.0-461