CVE-2020-3181

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 33.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Email Security Appliance (esa)Cisco Email Security Appliance

Timeline

PublishedMar 4

Latest updateMay 24

Description

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker could exploit this vulnerability by sending a crafted email through the targeted device. A successful exploit could allow the attacker to cause an ema…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶NVDcisco/email_security_appliance< 13.0.0

▶CVEListV5cisco/cisco_email_security_appliance_(esa)unspecified — n/a

🔴Vulnerability Details

GHSA

GHSA-76gp-2rvp-j8f4: A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security A↗2022-05-24

▶

CVEList

Cisco Email Security Appliance Uncontrolled Resource Exhaustion Vulnerability↗2020-03-04

▶

📋Vendor Advisories

Cisco

Cisco Email Security Appliance Uncontrolled Resource Exhaustion Vulnerability↗2020-03-04

▶