cisco-sa-20200219-esa-sma-dos: Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability
First published: Wed Feb 19 2020(Updated: )
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-esa-sma-dos
Credit: This vulnerability was found during the resolution a Cisco TAC support case
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AsyncOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-20200219-esa-sma-dos?
The severity of cisco-sa-20200219-esa-sma-dos is classified as high due to its potential to cause repeated crashes of the internal processes.
How do I fix cisco-sa-20200219-esa-sma-dos?
To fix cisco-sa-20200219-esa-sma-dos, apply the latest patches and updates provided by Cisco for AsyncOS.
What systems are affected by cisco-sa-20200219-esa-sma-dos?
cisco-sa-20200219-esa-sma-dos affects Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) running AsyncOS Software.
Can cisco-sa-20200219-esa-sma-dos be exploited remotely?
Yes, cisco-sa-20200219-esa-sma-dos can be exploited by an unauthenticated remote attacker.
What type of attack is cisco-sa-20200219-esa-sma-dos associated with?
cisco-sa-20200219-esa-sma-dos is associated with a denial-of-service (DoS) attack affecting internal processes.
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco asyncos