Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2018-15460
HistoryJan 10, 2019 - 10:29 p.m.

CVE-2018-15460

2019-01-1022:29:00
CWE-770
CWE-20
cisco
web.nvd.nist.gov
52
cve-2018-15460
cisco
asyncos software
email security appliances
esa
cpu utilization
denial of service
dos
vulnerability
nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

47.9%

JSON

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages.

Affected configurations

Nvd
Node
ciscoasyncosRange<11.0.2-044_md
OR
ciscoasyncosRange11.1.0–11.1.2-023_md
AND
ciscoemail_security_applianceMatch-
VendorProductVersionCPE
ciscoasyncos*cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
ciscoemail_security_appliance-cpe:2.3:h:cisco:email_security_appliance:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Email Security Appliance (ESA)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

prion 1
cvelist 1
cisco 1
nvd 1
nessus 1
threatpost 2
prion
prion
Design/Logic Flaw
2019-01-10 22:29:00
cvelist
cvelist
CVE-2018-15460 Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability
2019-01-10 22:00:00
cisco
cisco
Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability
2019-01-09 16:00:00
nvd
nvd
CVE-2018-15460
2019-01-10 22:29:00
nessus
nessus
Cisco Email Security Appliance Multiple DoS Vulnerabilities (cisco-sa-20190109-esa-dos / cisco-sa-20190109-esa-url-dos)
2019-01-18 00:00:00
threatpost
threatpost
Critical Flaw in Cisco's Email Security Appliance Enables 'Permanent DoS'
2019-01-09 22:33:42
Cisco Patches Critical β€˜Default Password’ Bug
2019-03-14 16:56:09

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

47.9%

JSON
Related for CVE-2018-15460
prion1cvelist1cisco1nvd1nessus1threatpost2