CVE-2013-3386

2022-10-0316:14:45

CWE-399

cisco

web.nvd.nist.gov

cve-2013-3386

ironport

spam quarantine

cisco

email security

denial of service

dos

security appliance

vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

52.0%

JSON

The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.

Affected configurations

Nvd

Node

ciscoironport_asyncosRange≤7.1.5

ciscoironport_asyncosMatch7.3

ciscoironport_asyncosMatch7.5

ciscoironport_asyncosMatch7.6

ciscoironport_asyncosMatch7.9

ciscoironport_asyncosMatch8.0

AND

ciscocontent_security_managementMatch-

ciscoemail_security_appliance_firmwareMatch-

VendorProductVersionCPE
ciscoironport_asyncos7.5cpe:/o:cisco:ironport_asyncos:7.5:::
ciscoironport_asyncoscpe:/o:cisco:ironport_asyncos::::
ciscoironport_asyncos7.6cpe:/o:cisco:ironport_asyncos:7.6:::
ciscoironport_asyncos7.3cpe:/o:cisco:ironport_asyncos:7.3:::
ciscoironport_asyncos8.0cpe:/o:cisco:ironport_asyncos:8.0:::
ciscoironport_asyncos7.9cpe:/o:cisco:ironport_asyncos:7.9:::

Vendor	Product	Version	CPE
cisco	ironport_asyncos	7.5	cpe:/o:cisco:ironport_asyncos:7.5:::
cisco	ironport_asyncos		cpe:/o:cisco:ironport_asyncos::::
cisco	ironport_asyncos	7.6	cpe:/o:cisco:ironport_asyncos:7.6:::
cisco	ironport_asyncos	7.3	cpe:/o:cisco:ironport_asyncos:7.3:::
cisco	ironport_asyncos	8.0	cpe:/o:cisco:ironport_asyncos:8.0:::
cisco	ironport_asyncos	7.9	cpe:/o:cisco:ironport_asyncos:7.9:::