CVE-2015-6285: Use of Externally-Controlled Format String in Cisco Email Security Appliance

Severity: 6.4 MEDIUM (NVD)
EPSS: 0.4% (top 36.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 14 | Latest update May 17

Description

Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.

CVSS vector

AV:N/AC:L/C:N/I:P/A:P
Exploitability: 10.0 | Impact: 4.9

Affected Packages (1 package)

NVD: cisco/email_security_appliance 7.6.0, 8.0.0 +1

🔴 Vulnerability Details (2)

GHSA
GHSA-cwqw-mv4m-vqgq: Format string vulnerability in Cisco Email Security Appliance (ESA) 7 | 2022-05-17
CVEList
CVE-2015-6285: Format string vulnerability in Cisco Email Security Appliance (ESA) 7 | 2015-09-14

📋 Vendor Advisories (1)

Cisco
Cisco Email Security Appliance Format String Vulnerability | 2015-09-09