Page 3 of 13 results (0.005 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-shrt-dos-wM54R8qA • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-87mBkc8n • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. Una vulnerabilidad en la interfaz de administración basada en web de Email Security Appliance (ESA) y Content Security Management Appliance (SMA) de Cisco, podría permitir a un atacante remoto no identificado conducir un ataque de tipo cross-site-scripting (XSS) contra un usuario de la interfaz de administración basada en web de un dispositivo afectado, también se conoce como XSS de Rastreo de Mensajes. Más información: CSCvd30805 CSCvd34861. • http://www.securityfocus.com/bid/98950 http://www.securitytracker.com/id/1038637 http://www.securitytracker.com/id/1038638 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •