Main Vulnerability Database Vulnerabilities #VU25787

#VU25787 Resource exhaustion in Cisco AsyncOS for Cisco Email Security Appliance - CVE-2020-3181

Published: March 5, 2020

Vulnerability identifier: #VU25787

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-3181

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco AsyncOS for Cisco Email Security Appliance

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to exhaust resources on an affected device.

The vulnerability exists due to insufficient control over system memory allocation in the malware detection functionality in Cisco Advanced Malware Protection (AMP). A remote attacker can send a specially crafted email through the targeted device, cause an email attachment that contains malware to be delivered to a user and cause email processing delays.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-resource-exhaust-D7RQAhnD

#VU25787 Resource exhaustion in Cisco AsyncOS for Cisco Email Security Appliance - CVE-2020-3181

Description

Remediation

External links

Please verify you're human