SB2019011008 - Denial of service in Cisco Email Security Appliance




Published: January 10, 2019

Security Bulletin ID: SB2019011008
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2018-15453)

The vulnerability allows a remote attacker to cause a DoS condition.

The vulnerability exists in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features due to improper input validation of S/MIME-signed emails. A remote attacker can send a malicious S/MIME-signed email through a targeted device, trigger memory corruption if Decryption and Verification or Public Key Harvesting is configured and cause the filtering process to crash and restart.


2) Input validation error (CVE-ID: CVE-2018-15460)

The vulnerability allows a remote attacker to cause a DoS condition.

The vulnerability exists in the email message filtering feature due to improper filtering of email messages that contain references to whitelisted URLs. A remote attacker can send a malicious email message that contains a large number of whitelisted URLs, cause the CPU utilization to increase to 100 percent and force the affected device to stop scanning and forwarding email messages.
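A triage heuristic for the condition described in CVE-2018-15460, added here as an example and not taken from the bulletin or from Cisco: it counts the URLs in a message whose host is on a local allowlist (the "whitelisted URLs" above) and flags messages that exceed a limit. The allowlist contents, the limit of 100 and all function names are assumptions to be tuned per site.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Assumed values, not from the bulletin: tune both for the local environment.
ALLOWLISTED_HOSTS = {"example.com", "intranet.example.net"}
MAX_ALLOWLISTED_URLS = 100
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def host_is_allowlisted(host, allowlist=ALLOWLISTED_HOSTS):
    """True if host equals an allowlisted name or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in allowlist)

def count_allowlisted_urls(raw_message):
    """Count URLs pointing at allowlisted hosts in all text parts of a message."""
    msg = message_from_string(raw_message, policy=policy.default)
    count = 0
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        try:
            body = part.get_content()
        except (LookupError, UnicodeError):
            continue  # unknown charset or undecodable body
        for url in URL_RE.findall(body):
            try:
                host = urlsplit(url).hostname
            except ValueError:
                continue  # malformed URL, e.g. a broken IPv6 literal
            if host_is_allowlisted(host):
                count += 1
    return count

def should_hold(raw_message, limit=MAX_ALLOWLISTED_URLS):
    """Flag a message for review when it carries more allowlisted URLs than limit."""
    return count_allowlisted_urls(raw_message) > limit

def build_sample(n_urls):
    """Constructed sample message for testing; not real traffic."""
    lines = [f"http://example.com/page{i}" for i in range(n_urls)]
    lines.append("http://unrelated.test/other")  # host not on the allowlist
    return ("From: a@example.org\r\nTo: b@example.org\r\n"
            "Subject: constructed sample\r\n"
            "Content-Type: text/plain; charset=utf-8\r\n\r\n"
            + "\r\n".join(lines) + "\r\n")
```

Run it over quarantined or queued messages to find candidates for review; a hit indicates an unusual message, not confirmed exploitation.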


Remediation

Install the update from the vendor's website.