Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2019-1983

Published: 23/09/2020 Updated: 01/10/2020
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Content Security Management Appliance

Vulnerability Summary

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote malicious user to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the malicious user to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the malicious user to cause a repeated DoS condition. Manual intervention may be required to recover from this situation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco content security management appliance 11.4.0-812

cisco asyncos

cisco email security appliance 11.0.1-hp5-602

cisco email security appliance 11.1.0-404

Vendor Advisories

Cisco: Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of servic ...

Recent Articles

Oi, Cisco! Who left the 'high privilege' login for Smart Software Manager just sitting out in the open?
The Register • Shaun Nichols in San Francisco • 19 Feb 2020

Critical fix for static credential headlines latest patch rollout Another week, another bunch of Windows 10 machines punched by a patch

Cisco has released fixes to address 17 vulnerabilities across its networking and unified communications lines. The bundle includes one fix for a critical issue and six patches for bugs deemed high-risk vulnerabilities. They include remote access and code execution, elevation of privilege, denial of service, and cross-site request forgeries. The lone critical bulletin is for CVE-2020-3158, a bug caused by the presence of a high-privilege account with a static password present in the Cisco Smart S...

Read more...

References

CWE-20https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-esa-sma-doshttps://nvd.nist.govhttps://www.theregister.co.uk/2020/02/19/cisco_february_fixes/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-esa-sma-dos
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook