Security News > 2019 > January > Cisco fixes serious DoS flaws in its email security appliances

Cisco fixes serious DoS flaws in its email security appliances
2019-01-10 10:09

Cisco has plugged a heap of security holes in many of its products, including two vulnerabilities (one critical) that open its email security appliances to denial of service attacks. About the vulnerabilities Both vulnerabilities affect the Cisco AsyncOS Software for Cisco Email Security Appliances, and can be exploited remotely by unauthenticated attackers. CVE-2018-15453 can be exploited by sending a malicious S/MIME-signed email through a targeted device. “If Decryption and Verification or Public Key Harvesting is … More → The post Cisco fixes serious DoS flaws in its email security appliances appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/G7IAjpj1q7o/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-01-10 CVE-2018-15453 Out-of-bounds Write vulnerability in Cisco Email Security Appliance Firmware 11.0.1401/11.1.0131
A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory.
network
low complexity
cisco CWE-787
8.6

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1771 1669 288 3749