cisco-sa-esa-dos-MxZvGtgU: Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability
First published: Wed Feb 16 2022(Updated: )
A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling in DNS name resolution by the affected software. An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device. A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition. Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
Credit: Cesare Auteri Rijksoverheid Dienst ICT UitvoeringSteven Geerts Rijksoverheid Dienst ICT UitvoeringJohn-Paul Straver Rijksoverheid Dienst ICT Uitvoering Rijksoverheid Dienst ICT UitvoeringRoy Wiss Rijksoverheid Dienst ICT Uitvoering
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AsyncOS Software | >=12.5 and earlier=13.0=13.5<=14.0<14.0.2.020 | 14.0.2.020 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-esa-dos-MxZvGtgU?
The severity of the cisco-sa-esa-dos-MxZvGtgU vulnerability is classified as a denial of service (DoS) risk.
How do I fix cisco-sa-esa-dos-MxZvGtgU?
To fix the cisco-sa-esa-dos-MxZvGtgU vulnerability, update to a supported version of Cisco AsyncOS that is not affected by this security issue.
What products are affected by cisco-sa-esa-dos-MxZvGtgU?
The cisco-sa-esa-dos-MxZvGtgU vulnerability affects Cisco AsyncOS Software versions 12.5 and earlier, 13.0, 13.5, and versions up to but not including 14.0.2.020.
Can the cisco-sa-esa-dos-MxZvGtgU vulnerability be exploited remotely?
Yes, the cisco-sa-esa-dos-MxZvGtgU vulnerability can be exploited by an unauthenticated, remote attacker.
What impact does cisco-sa-esa-dos-MxZvGtgU have on the system?
Exploitation of the cisco-sa-esa-dos-MxZvGtgU vulnerability can result in a denial of service condition on the affected Cisco Email Security Appliance.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/title
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco asyncos software
- version/cisco asyncos software/12.5 and earlier
- version/cisco asyncos software/13.0
- version/cisco asyncos software/13.5
- version/cisco asyncos software/14.0