CVE-2022-20960

CWE-400Uncontrolled Resource ConsumptionCWE-295Improper Certificate Validation4 documents4 sources
Severity
7.5HIGH
EPSS
1.1%
top 21.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Email Security ApplianceCisco Cisco Secure Email
Timeline
PublishedNov 4

Description

A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause th

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/email_security_appliance14.3.014.3.0-020+1
CVEListV5cisco/cisco_secure_email13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-m7jq-xvr4-f7xc: A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of2022-11-04
CVEList
CVE-2022-20960: A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of2022-11-03

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance Denial of Service Vulnerability2022-11-02