CVE-2018-15460

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:50

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/106507 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/106507 - Third Party Advisory, VDB Entry
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-url-dos - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-url-dos - Vendor Advisory

Information

Published : 2019-01-10 22:29

Updated : 2024-11-21 03:50


NVD link : CVE-2018-15460

Mitre link : CVE-2018-15460

CVE.ORG link : CVE-2018-15460


JSON object : View

Products Affected

cisco

  • email_security_appliance
  • asyncos
CWE
CWE-20

Improper Input Validation

CWE-770

Allocation of Resources Without Limits or Throttling