| Vulnerability Name: | CVE-2019-1947 (CCN-176481) | ||||||||||||
| Assigned: | 2018-12-06 | ||||||||||||
| Published: | 2020-02-19 | ||||||||||||
| Updated: | 2020-10-01 | ||||||||||||
| Summary: | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA. | ||||||||||||
| CVSS v3 Severity: | 8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) 7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-20 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-1947 Source: XF Type: UNKNOWN cisco-cve20191947-dos(176481) Source: CCN Type: Cisco Security Advisory cisco-sa-20200219-esa-dos Cisco Email Security Appliance Denial of Service Vulnerability Source: CISCO Type: Vendor Advisory 20200219 Cisco Email Security Appliance Denial of Service Vulnerability | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||