Security News > 2019 > January > Cisco fixes serious DoS flaws in its email security appliances
2019-01-10 10:09
Cisco has plugged a heap of security holes in many of its products, including two vulnerabilities (one critical) that open its email security appliances to denial of service attacks. About the vulnerabilities Both vulnerabilities affect the Cisco AsyncOS Software for Cisco Email Security Appliances, and can be exploited remotely by unauthenticated attackers. CVE-2018-15453 can be exploited by sending a malicious S/MIME-signed email through a targeted device. “If Decryption and Verification or Public Key Harvesting is … More → The post Cisco fixes serious DoS flaws in its email security appliances appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/G7IAjpj1q7o/
Related news
- Email security trends in the energy and infrastructure sector (source)
- Security Vulnerability of HTML Emails (source)
- Cisco creates architecture to improve security and sell you new switches (source)
- Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-10 | CVE-2018-15453 | Out-of-bounds Write vulnerability in Cisco Email Security Appliance Firmware 11.0.1401/11.1.0131 A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. | 7.8 |