CVE-2018-15453

CWE-20Improper Input ValidationCWE-787Out-of-bounds Write4 documents4 sources
Severity
8.6HIGH
EPSS
0.3%
top 47.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Email Security Appliance (esa)Cisco Email Security Appliance Firmware
Timeline
PublishedJan 10
Latest updateMay 13

Description

A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

NVDcisco/email_security_appliance_firmware11.0.1-401, 11.1.0-131+1

🔴Vulnerability Details

2
GHSA
GHSA-62wx-gppg-6grr: A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of C2022-05-13
CVEList
Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability2019-01-10

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability2019-01-09
CVE-2018-15453 (HIGH CVSS 8.6) | A vulnerability in the Secure/Multi | cvebase.io