SB2020022013 - Multiple vulnerabilities in Cisco AsyncOS for Cisco Email Security Appliance and Content Security Management Appliance 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020022013

SB2020022013 - Multiple vulnerabilities in Cisco AsyncOS for Cisco Email Security Appliance and Content Security Management Appliance

Published: February 20, 2020 Updated: February 20, 2020

Security Bulletin ID SB2020022013
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2019-1947)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists within the email message filtering feature due to improper handling of email messages that contain large attachments. A remote attacker can send a malicious email message through the targeted device and cause a permanent DoS condition due to high CPU utilization.


2) Input validation error (CVE-ID: CVE-2019-1983)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists within the email message filtering feature due to insufficient input validation of email attachments. A remote attacker can send an email message with a crafted attachment through an affected device and cause a denial of service condition on the target system.


Remediation

Install update from vendor's website.

References