CVE-2015-4278

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 36.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Email Security Appliance Firmware

Timeline

PublishedJul 16

Latest updateMay 14

Description

Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/email_security_appliance_firmware8.5.6-106, 9.5.0-201+1

🔴Vulnerability Details

GHSA

GHSA-j467-jvch-4wxp: Cisco Email Security Appliance (ESA) devices with software 8↗2022-05-14

▶

CVEList

CVE-2015-4278: Cisco Email Security Appliance (ESA) devices with software 8↗2015-07-16

▶

📋Vendor Advisories

Cisco

Cisco Email Security Appliance Malformed DMARC Policy Records File Modification Vulnerability↗2015-07-15

▶