CVE-2017-12215
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354.
Una vulnerabilidad en la característica de filtrado de mensajes de correo de Cisco AsyncOS Software para Cisco Email Security Appliance podría permitir a un atacante autenticado remoto provocar que el dispositivo afectado agote su memoria y deje de escanear y reenviar mensajes de correo. Agotar la memoria del sistema puede provocar el cierre inesperado del proceso de filtrado, resultando en una denegación de servicio (DoS) en el dispositivo. Esta vulnerabilidad afecta desde la versión de software 9.0 hasta la primera distribución corregida de Cisco AsyncOS Software para Cisco Email Security Appliances, tanto para máquinas virtuales como físicas, si el software se configura para aplicar un filtro de mensaje o de contenido a los archivos adjuntos de email entrantes. Esta vulnerabilidad no se limita a reglas o acciones específicas para un filtro de mensaje o de contenido. Cisco Bug IDs: CSCvd29354.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-03 CVE Reserved
- 2017-09-21 CVE Published
- 2024-02-06 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100920 | Third Party Advisory | |
| http://www.securitytracker.com/id/1039414 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Asyncos Search vendor "Cisco" for product "Asyncos" | 9.0 Search vendor "Cisco" for product "Asyncos" and version "9.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asyncos Search vendor "Cisco" for product "Asyncos" | 9.1 Search vendor "Cisco" for product "Asyncos" and version "9.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asyncos Search vendor "Cisco" for product "Asyncos" | 9.1.2 Search vendor "Cisco" for product "Asyncos" and version "9.1.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asyncos Search vendor "Cisco" for product "Asyncos" | 9.5 Search vendor "Cisco" for product "Asyncos" and version "9.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asyncos Search vendor "Cisco" for product "Asyncos" | 9.6 Search vendor "Cisco" for product "Asyncos" and version "9.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asyncos Search vendor "Cisco" for product "Asyncos" | 9.7 Search vendor "Cisco" for product "Asyncos" and version "9.7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Asyncos Search vendor "Cisco" for product "Asyncos" | 9.8 Search vendor "Cisco" for product "Asyncos" and version "9.8" | - |
Affected
| ||||||