Denial of service in Cisco Email Security Appliance
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-15453 CVE-2018-15460 |
| CWE-ID | CWE-119 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco Email Security Appliance Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU16922
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-15453
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features due to improper input validation of S/MIME-signed emails. A remote attacker can send a malicious S/MIME-signed email through a targeted device, trigger memory corruption if Decryption and Verification or Public Key Harvesting is configured and cause the filtering process to crash and restart.
MitigationThe vulnerability has been addressed in the versions 12.0.0-281, 11.1.1-042, 11.1.1-037, 11.0.2-044.
Cisco Email Security Appliance: 11 0 1 401 - 11.1.0 131
CPE2.3- cpe:2.3:a:cisco_systems:cisco_email_security_appliance:11 0 1 401:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_email_security_appliance:11.1.0 131:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU16923
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-15460
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists in the email message filtering feature due to improper filtering of email messages that contain references to whitelisted URLs. A remote attacker can send a malicious email message that contains a large number of whitelisted URLs, cause the CPU utilization to increase to 100 percent and force the affected device to stop scanning and forwarding email messages.
MitigationThe vulnerability has been addressed in the versions 12.0.0-281, 11.1.2-023, 11.0.2-044.
Cisco Email Security Appliance: 10.0.3 004 - 12.0.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_email_security_appliance:10.0.3 004:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_email_security_appliance:11.0.0 274:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_email_security_appliance:11.0.2 037:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-url-dos
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
