Cisco ESA releases earlier than 13.0 Improper Input Validation Vulnerability

Summary

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. 

Credit:

The information has been provided by Vendor

The original article can be found at:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-87mBkc8n


Details

An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0.

 

Vulnerable Systems:

Cisco ESA releases earlier than 13.0

 

CVE Information:

CVE-2020-3134

 

Disclosure Timeline:
Published Date:1/26/2020

Categories: FeaturedNews