exploitDog

CVE-2020-3164

Published: 04 Mar 2020
Source: nvd
CVSS3: 5.3
CVSS3: 5.3
CVSS2: 5
EPSS: Low

Description

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:cisco:cloud_email_security:*:*:*:*:*:*:*:*
Versions up to 13.0.0-392 (inclusive)
cpe:2.3:a:cisco:content_security_management_appliance:*:*:*:*:*:*:*:*
Versions up to 13.6.0 (exclusive)
cpe:2.3:a:cisco:email_security_appliance:*:*:*:*:*:*:*:*
Versions up to 13.0.0-392 (inclusive)
cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*
Versions up to 12.0.1-268 (inclusive)

EPSS

Percentile: 74%
0.00813
Low

5.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Weaknesses

CWE-20
CWE-20

Related vulnerabilities

github
more than 3 years ago

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded.

CVSS3: 5.3
fstec
almost 6 years ago

A vulnerability in the message filtering function of Cisco AsyncOS software for Cisco Email Security Appliance email security systems, the Cisco Content Security Management Appliance content security management system, and Cisco Web Security Appliance web gateways that allows an attacker to cause a denial of service