CVE-2015-6291: Input Validation
First published: Fri Nov 06 2015(Updated: )
Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Email Security Appliance Firmware | =7.7.0-000 | |
| Cisco Email Security Appliance Firmware | =7.7.1-000 | |
| Cisco Email Security Appliance Firmware | =8.0_base | |
| Cisco Email Security Appliance Firmware | =8.5.6-052 | |
| Cisco Email Security Appliance Firmware | =8.5.6-073 | |
| Cisco Email Security Appliance Firmware | =8.5.6-074 | |
| Cisco Email Security Appliance Firmware | =8.5.6-106 | |
| Cisco Email Security Appliance Firmware | =8.5.6-113 | |
| Cisco Email Security Appliance Firmware | =8.5.7-042 | |
| Cisco Email Security Appliance Firmware | =8.5_base | |
| Cisco Email Security Appliance Firmware | =9.0.0 | |
| Cisco Email Security Appliance Firmware | =9.0.0-212 | |
| Cisco Email Security Appliance Firmware | =9.0.0-461 | |
| Cisco Email Security Appliance Firmware | =9.0.5-000 | |
| Cisco Email Security Appliance Firmware | =9.1.0-032 | |
| Cisco Email Security Appliance Firmware | =9.6.0-042 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6291?
CVE-2015-6291 has a High severity rating due to its potential impact on Cisco Email Security Appliance devices.
How do I fix CVE-2015-6291?
To fix CVE-2015-6291, upgrade your Cisco Email Security Appliance to a version that includes the patch, specifically 8.5.7-043, 9.1.1-023, or later.
What versions are affected by CVE-2015-6291?
CVE-2015-6291 affects Cisco Email Security Appliance versions prior to 8.5.7-043, 9.1.1-023, and 9.6.0-046.
What happens if I don't address CVE-2015-6291?
Failing to address CVE-2015-6291 could lead to potential unauthorized access or exploitation of the Email Security Appliance.
How can I verify if my Cisco Email Security Appliance is vulnerable to CVE-2015-6291?
You can verify vulnerability to CVE-2015-6291 by checking the firmware version of your Cisco Email Security Appliance against the affected versions.
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco email security appliance firmware
- version/cisco email security appliance firmware/7.7.0-000
- version/cisco email security appliance firmware/7.7.1-000
- version/cisco email security appliance firmware/8.0_base
- version/cisco email security appliance firmware/8.5.6-052
- version/cisco email security appliance firmware/8.5.6-073
- version/cisco email security appliance firmware/8.5.6-074
- version/cisco email security appliance firmware/8.5.6-106
- version/cisco email security appliance firmware/8.5.6-113
- version/cisco email security appliance firmware/8.5.7-042
- version/cisco email security appliance firmware/8.5_base
- version/cisco email security appliance firmware/9.0.0
- version/cisco email security appliance firmware/9.0.0-212
- version/cisco email security appliance firmware/9.0.0-461
- version/cisco email security appliance firmware/9.0.5-000
- version/cisco email security appliance firmware/9.1.0-032
- version/cisco email security appliance firmware/9.6.0-042