First published: Thu Jul 16 2015
Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Email Security Appliance Firmware | =8.5.6-106 | |
Cisco Email Security Appliance Firmware | =9.5.0-201 | |
CVE-2015-4278 has a medium severity rating, as it can cause a denial of service affecting e-mail reception.
To fix CVE-2015-4278, upgrade your Cisco Email Security Appliance to a version higher than 9.5.0-201 or 8.5.6-106.
CVE-2015-4278 is a denial of service vulnerability that disrupts e-mail reception through malformed DMARC policy data.
CVE-2015-4278 affects Cisco Email Security Appliance software versions 8.5.6-106 and 9.5.0-201.
CVE-2015-4278 can be exploited remotely by attackers who place malformed DMARC policy data in the DNS TXT records for a domain.