Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability

2020-01-2216:00:00

tools.cisco.com

EPSS

0.002

Percentile

51.4%

JSON

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition.

Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-87mBkc8n [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-87mBkc8n”]

Affected configurations

Vulners

Node

ciscoemail_security_applianceMatchany

VendorProductVersionCPE
ciscoemail_security_applianceanycpe:2.3:h:cisco:email_security_appliance:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	email_security_appliance	any	cpe:2.3:h:cisco:email_security_appliance:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-87mBkc8n

EPSS

0.002

Percentile

51.4%

JSON

Related for CISCO-SA-ESA-DOS-87MBKC8N