CVE-2021-34741: Input Validation
First published: Thu Nov 04 2021(Updated: )
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AsyncOS | <13.0.4 | |
| Cisco AsyncOS | =13.5.3-010 | |
| Cisco AsyncOS | =13.7.0-093 | |
| Cisco M170 | ||
| Cisco M190 | ||
| Cisco M380 | ||
| Cisco M390 | ||
| Cisco M390x | ||
| Cisco M680 | ||
| Cisco M690 | ||
| Cisco M690x | ||
| Cisco S195 | ||
| Cisco S395 | ||
| Cisco S695 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-34741?
CVE-2021-34741 is a vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) that could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device.
How does CVE-2021-34741 affect Cisco AsyncOS software?
CVE-2021-34741 affects Cisco AsyncOS software versions 13.0.4, 13.5.3-010, and 13.7.0-093.
How severe is CVE-2021-34741?
CVE-2021-34741 has a severity score of 7.5 (High).
How can an attacker exploit CVE-2021-34741?
An attacker can exploit CVE-2021-34741 by sending specially crafted email messages to the affected device, causing it to crash and become unresponsive.
Is there a fix available for CVE-2021-34741?
Yes, Cisco has released a software update to address the vulnerability. Please refer to the Cisco Security Advisory for more information.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/cisco
- canonical/cisco asyncos
- version/cisco asyncos/13.5.3-010
- version/cisco asyncos/13.7.0-093
- canonical/cisco m170
- canonical/cisco m190
- canonical/cisco m380
- canonical/cisco m390
- canonical/cisco m390x
- canonical/cisco m680
- canonical/cisco m690
- canonical/cisco m690x
- canonical/cisco s195
- canonical/cisco s395
- canonical/cisco s695