#VU1080 Denial of service in Cisco Email Security Appliance and Cisco AsyncOS for Cisco Email Security Appliance - CVE-2016-1481

Vulnerability identifier: #VU1080

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-1481

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Email Security Appliance
Server applications / IDS/IPS systems, Firewalls and proxy servers
Cisco AsyncOS for Cisco Email Security Appliance
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote unauthenticated user to cause memory exhaustion on the target system.
The weakness is due to insufficient validation if input data. By sending email message with a specially crafted Design (DGN) file attachment, attackers can consume excessive memory during message filtering, causing the process to restart.
Successful exploitation of the vulnerability may lead to denial of service on the vulnerable system.

Mitigation
Update to version 9.1.1-038, 9.7.1-066, 10.0.0-124.

Vulnerable software versions

Cisco Email Security Appliance: 8.0 - 8.5

Cisco AsyncOS for Cisco Email Security Appliance: 9.0 - 10.0

---

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.