CVE-2018-15460
Summary
| CVE | CVE-2018-15460 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-10 22:29:00 UTC |
| Updated | 2020-09-16 14:14:00 UTC |
| Description | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages. |
Risk And Classification
Problem Types: CWE-770
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Cisco | Asyncos | All | All | All | All |
| Operating System | Cisco | Asyncos | All | All | All | All |
| Hardware | Cisco | Email Security Appliance | - | All | All | All |
| Hardware | Cisco | Email Security Appliance | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Email Security Appliance CVE-2018-15460 Remote Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.