CVE-2021-34741

Summary

CVE	CVE-2021-34741
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-11-04 16:15:00 UTC
Updated	2023-11-07 03:36:00 UTC
Description	A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition.

Risk And Classification

Problem Types: CWE-770

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Cisco	Asyncos	All	All	All	All
Operating System	Cisco	Asyncos	13.5.3-010	All	All	All
Operating System	Cisco	Asyncos	13.7.0-093	All	All	All
Hardware	Cisco	M170	-	All	All	All
Hardware	Cisco	M190	-	All	All	All
Hardware	Cisco	M380	-	All	All	All
Hardware	Cisco	M390	-	All	All	All
Hardware	Cisco	M390x	-	All	All	All
Hardware	Cisco	M680	-	All	All	All
Hardware	Cisco	M690	-	All	All	All
Hardware	Cisco	M690x	-	All	All	All
Hardware	Cisco	S195	-	All	All	All
Hardware	Cisco	S395	-	All	All	All
Hardware	Cisco	S695	-	All	All	All

References

Reference	Source	Link	Tags
Cisco Email Security Appliance Denial of Service Vulnerability	CISCO	tools.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

317110 Cisco Email Security Appliance (ESA) Denial of Service (DoS) Vulnerability (cisco-sa-esa-dos-JOm9ETfO)