Denial of Service Vulnerability in Cisco Email Security Appliance
CVE-2022-20960

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Secure Email
Vendor: CVE Published:; 4 November 2022

Badges

👾 Exploit Exists

What is CVE-2022-20960?

A vulnerability in Cisco AsyncOS for the Cisco Email Security Appliance (ESA) can enable an unauthenticated remote attacker to create a denial of service (DoS) condition. This occurs due to improper handling of specific TLS connections, allowing attackers to establish numerous concurrent TLS connections to the device. Successfully exploiting this vulnerability may lead to the device dropping new TLS email messages originating from associated email servers. Although the device does not reload unexpectedly during this process, it may take several hours to recover autonomously after the disruption is resolved.

Affected Version(s)

Cisco Secure Email 11.0.3-238

Cisco Secure Email 11.1.0-069

Cisco Secure Email 11.1.0-131

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Nov 4, 2022
Vulnerability Reserved
Nov 2, 2021