CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3132 – Cisco Email Security Appliance Shortened URL Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3132
A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-shrt-dos-wM54R8qA • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3134 – Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3134
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-87mBkc8n • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7488
https://notcve.org/view.php?id=CVE-2019-7488
Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. Una contraseña predeterminada débil causa vulnerabilidad en el dispositivo SonicWall Email Security, lo que conlleva al atacante a conseguir acceso a la base de datos del dispositivo. Esta vulnerabilidad afectó a Email Security Appliance versión 10.0.2 y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014 • CWE-255: Credentials Management Errors CWE-521: Weak Password Requirements •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7489
https://notcve.org/view.php?id=CVE-2019-7489
A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. Una vulnerabilidad en el dispositivo SonicWall Email Security, permite a un usuario no autenticado llevar a cabo una ejecución de código remota. Esta vulnerabilidad afectó a Email Security Appliance versión 10.0.2 y anteriores. • https://github.com/nromsdahl/CVE-2019-7489 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0023 • CWE-285: Improper Authorization •
CVSS: 5.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-3827
https://notcve.org/view.php?id=CVE-2017-3827
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA. More Information: SCvb91473, CSCvc76500. Known Affected Releases: 10.0.0-203 9.9.9-894 WSA10.0.0-233. Una vulnerabilidad en el escáner Multipurpose Internet Mail Extensions (MIME) de Cisco AsyncOS Software para Cisco Email Security Appliances (ESA) y Web Security Appliances (WSA) podría permitir a un atacante remoto no autenticado eludir filtros configurados por en usuario en el dispositivo. • http://www.securityfocus.com/bid/96239 http://www.securitytracker.com/id/1037831 http://www.securitytracker.com/id/1037832 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-asyncos • CWE-20: Improper Input Validation •