Vulnerability CVE-2018-15453

A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA.

General

CVE
CVE-2018-15453
Vendor(s) involved
Published
Thursday, 10 January 2019
Modified
Friday, 11 January 2019 15:00
Severity

References

Modification history
