CVE-2019-1983

CWE-20 — Improper Input Validation8 documents7 sources

Severity

5.3MEDIUM

EPSS

0.6%

top 31.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Asyncos Cisco Cisco Email Security Appliance (esa)Cisco Content Security Management Appliance +1 more

Timeline

PublishedSep 23

Latest updateMay 24

Description

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sen…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDcisco/email_security_appliance11.0.1-hp5-602, 11.1.0-404+1

▶CVEListV5cisco/cisco_email_security_appliance_(esa)n/a

▶NVDcisco/content_security_management_appliance11.4.0-812

▶NVDcisco/asyncos12.0 — 12.5.0-059+3

🔴Vulnerability Details

GHSA

GHSA-v6r4-c6r4-r649: A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security M↗2022-05-24

▶

CVEList

Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability↗2020-09-23

▶

📋Vendor Advisories

Red Hat

krb5-appl: Improper validation of object names allows malicious server to overwrite files via rcp client↗2021-02-02

▶

Jenkins

Jenkins Security Advisory 2020-08-17↗2020-08-17

▶

Cisco

Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability↗2020-02-19

▶

Red Hat

openssh: Improper validation of object names allows malicious server to overwrite files via scp client↗2018-11-16

▶