Cisco Email Security Appliance Denial of Service Vulnerability
CVE-2019-1947

8.6HIGH

Key Information:

Vendor: Cisco
Status: Cisco Email Security Appliance (esa)
Vendor: CVE Published:; 23 September 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA.

Affected Version(s)

Cisco Email Security Appliance (ESA)

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Sep 23, 2020
Vulnerability Reserved
Dec 6, 2018