Resource exhaustion in Cisco AsyncOS for Cisco Email Security Appliance - CVE-2020-3181
Published: March 5, 2020
Vulnerability identifier: #VU25787
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3181
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco AsyncOS for Cisco Email Security Appliance
Cisco AsyncOS for Cisco Email Security Appliance
Detailed vulnerability description
The vulnerability allows a remote attacker to exhaust resources on an affected device.
The vulnerability exists due to insufficient control over system memory allocation in the malware detection functionality in Cisco Advanced Malware Protection (AMP). A remote attacker can send a specially crafted email through the targeted device, cause an email attachment that contains malware to be delivered to a user and cause email processing delays.
How to mitigate CVE-2020-3181
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.