CVE-2021-34741

Published: Nov 4, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition.

Affected (3)

Products: Cisco: Asyncos

Cisco

1 product

Asyncos

Configuration A

3 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Cisco Asyncos	Before 13.0.4
Cisco Asyncos	Version 13.5.3-010
Cisco Asyncos	Version 13.7.0-093

Running on/with	Platform Versions
Cisco M170	All versions
Cisco M190	All versions
Cisco M380	All versions
Cisco M390	All versions
Cisco M390x	All versions
Cisco M680	All versions
Cisco M690	All versions
Cisco M690x	All versions
Cisco S195	All versions
Cisco S395	All versions
Cisco S695	All versions

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.