CVE-2020-3134

CWE-20Improper Input Validation5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 30.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Email Security ApplianceCisco Cisco Email Security Appliance (esa)
Timeline
PublishedJan 26
Latest updateMay 24

Description

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temp

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

CVEListV5cisco/cisco_email_security_appliance_(esa)earlier than 13.0

🔴Vulnerability Details

2
GHSA
GHSA-gf7w-86p9-r93x: [CVE-2020-3134_su] A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an u2022-05-24
CVEList
Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability2020-01-26

💥Exploits & PoCs

1
Nuclei
Grav < 1.7 - Open Redirect

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability2020-01-22