CVE-2017-12215 — Improper Input Validation in Cisco Email Security Appliance

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.9%

top 24.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Email Security Appliance Cisco Asyncos

Timeline

PublishedSep 21

Latest updateMay 13

Description

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco Asyn…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.5 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_email_security_applianceCisco Email Security Appliance

▶NVDcisco/asyncos7 versions+6

🔴Vulnerability Details

GHSA

GHSA-wx6j-j2jv-h7c4: A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated↗2022-05-13

▶

CVEList

CVE-2017-12215: A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated↗2017-09-21

▶

📋Vendor Advisories

Cisco

Cisco Email Security Appliance Denial of Service Vulnerability↗2017-09-20

▶