CVE-2015-6291
Severity Score
7.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.
Cisco AsyncOS en versiones anteriores a 8.5.7-043, 9.x en versiones anteriores a 9.1.1-023 y 9.5.x y 9.6.x en versiones anteriores a 9.6.0-046 en dispositivos Email Security Appliance (ESA) no maneja correctamente los campos mal formados durante el filtrado body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match y attachment-dictionary-match, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un archivo adjunto manipulado en un mensaje de correo electrónico, también conocido como Bug ID CSCuv47151.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-08-17 CVE Reserved
- 2015-11-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1034064 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-esa2 | 2016-12-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 7.7.0-000 Search vendor "Cisco" for product "Email Security Appliance" and version "7.7.0-000" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 7.7.1-000 Search vendor "Cisco" for product "Email Security Appliance" and version "7.7.1-000" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 8.0_base Search vendor "Cisco" for product "Email Security Appliance" and version "8.0_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 8.5.6-052 Search vendor "Cisco" for product "Email Security Appliance" and version "8.5.6-052" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 8.5.6-073 Search vendor "Cisco" for product "Email Security Appliance" and version "8.5.6-073" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 8.5.6-074 Search vendor "Cisco" for product "Email Security Appliance" and version "8.5.6-074" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 8.5.6-106 Search vendor "Cisco" for product "Email Security Appliance" and version "8.5.6-106" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 8.5.6-113 Search vendor "Cisco" for product "Email Security Appliance" and version "8.5.6-113" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 8.5.7-042 Search vendor "Cisco" for product "Email Security Appliance" and version "8.5.7-042" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 8.5_base Search vendor "Cisco" for product "Email Security Appliance" and version "8.5_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 9.0.0 Search vendor "Cisco" for product "Email Security Appliance" and version "9.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 9.0.0-212 Search vendor "Cisco" for product "Email Security Appliance" and version "9.0.0-212" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 9.0.0-461 Search vendor "Cisco" for product "Email Security Appliance" and version "9.0.0-461" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 9.0.5-000 Search vendor "Cisco" for product "Email Security Appliance" and version "9.0.5-000" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 9.1.0-032 Search vendor "Cisco" for product "Email Security Appliance" and version "9.1.0-032" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Email Security Appliance Search vendor "Cisco" for product "Email Security Appliance" | 9.6.0-042 Search vendor "Cisco" for product "Email Security Appliance" and version "9.6.0-042" | - |
Affected
| ||||||