CVE-2019-1983 - OpenCVE

Vendors	Products
Cisco	Asyncos Content Security Management Appliance Email Security Appliance

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-esa-sma-dos

{"containers": {"cna": {"affected": [{"product": "Cisco Email Security Appliance (ESA)", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-02-19T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-23T00:25:56", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200219 Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-esa-sma-dos"}], "source": {"advisory": "cisco-sa-20200219-esa-sma-dos", "defect": [["CSCvo89182", "CSCvo89192"]], "discovery": "INTERNAL"}, "title": "Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-19T16:00:00", "ID": "CVE-2019-1983", "STATE": "PUBLIC", "TITLE": "Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Email Security Appliance (ESA)", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "7.5", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "20200219 Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-esa-sma-dos"}]}, "source": {"advisory": "cisco-sa-20200219-esa-sma-dos", "defect": [["CSCvo89182", "CSCvo89192"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:35:52.379Z"}, "title": "CVE Program Container", "references": [{"name": "20200219 Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-esa-sma-dos"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1983", "datePublished": "2020-09-23T00:25:56.648526Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-16T20:22:43.430Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:11.4.0-812:*:*:*:*:*:*:*", "matchCriteriaId": "81DCBF8D-3CE7-430F-A12D-4469FB18433E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9C2DF32-0AC3-4AD9-B694-10415A3DE1AF", "versionEndExcluding": "11.0.1-161", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF718934-B8EC-4412-B94D-84375546997A", "versionEndIncluding": "12.5.0-633", "versionStartIncluding": "12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:email_security_appliance:11.0.1-hp5-602:*:*:*:*:*:*:*", "matchCriteriaId": "EC1116D0-741E-4E64-BA4A-A1A58EF8C583", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:11.1.0-404:*:*:*:*:*:*:*", "matchCriteriaId": "DC71A74D-98EC-4D52-9C57-36B0C38530DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B1E5FC6-C1BC-43BF-A86D-C75A9E9EDA3A", "versionEndExcluding": "11.0.3-251", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "74AEAEC6-0E7A-4A10-8169-1E6DBC359390", "versionEndExcluding": "12.5.0-059", "versionStartIncluding": "12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de filtrado de mensajes de correo electr\u00f3nico de Cisco AsyncOS Software para Cisco Email Security Appliance (ESA) y Cisco Content Security Management Appliance (SMA), podr\u00eda permitir a un atacante remoto no autenticado causar bloqueos repetidos en algunos procesos internos que son ejecutados en los dispositivos afectados, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente de los archivos adjuntos de correo electr\u00f3nico. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un mensaje de correo electr\u00f3nico con un archivo adjunto dise\u00f1ado por medio de un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que procesos espec\u00edficos se bloqueen de manera repetida, resultando en la indisponibilidad total tanto de Cisco Advanced Malware Protection (AMP) como de las funcionalidades de seguimiento de mensajes y en una degradaci\u00f3n severa del rendimiento mientras se procesa el correo electr\u00f3nico. Una vez que los procesos afectados se reinician, el software reanuda el filtrado del mismo archivo adjunto, lo que hace que los procesos afectados se bloqueen y se reinicien nuevamente. Una explotaci\u00f3n con \u00e9xito tambi\u00e9n podr\u00eda permitir al atacante causar una condici\u00f3n DoS repetida. Puede ser requerida una intervenci\u00f3n manual para recuperarse de esta situaci\u00f3n"}], "id": "CVE-2019-1983", "lastModified": "2020-10-01T14:59:14.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-23T01:15:14.613", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-esa-sma-dos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object