#VU16922 Memory corruption in Cisco Email Security Appliance - CVE-2018-15453
Vulnerability identifier: #VU16922
Vulnerability risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Email Security Appliance
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features due to improper input validation of S/MIME-signed emails. A remote attacker can send a malicious S/MIME-signed email through a targeted device, trigger memory corruption if Decryption and Verification or Public Key Harvesting is configured and cause the filtering process to crash and restart.
Mitigation
The vulnerability has been addressed in the versions 12.0.0-281, 11.1.1-042, 11.1.1-037, 11.0.2-044.
Vulnerable software versions
Cisco Email Security Appliance: 11 0 1 401 - 11.1.0 131
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
