7.8
CVE-2015-6291
- EPSS 1.1%
- Published 06.11.2015 03:59:00
- Last modified 12.04.2025 10:46:40
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Email Security Appliance Version7.7.0-000
Cisco ≫ Email Security Appliance Version7.7.1-000
Cisco ≫ Email Security Appliance Version8.0_base
Cisco ≫ Email Security Appliance Version8.5.6-052
Cisco ≫ Email Security Appliance Version8.5.6-073
Cisco ≫ Email Security Appliance Version8.5.6-074
Cisco ≫ Email Security Appliance Version8.5.6-106
Cisco ≫ Email Security Appliance Version8.5.6-113
Cisco ≫ Email Security Appliance Version8.5.7-042
Cisco ≫ Email Security Appliance Version8.5_base
Cisco ≫ Email Security Appliance Version9.0.0
Cisco ≫ Email Security Appliance Version9.0.0-212
Cisco ≫ Email Security Appliance Version9.0.0-461
Cisco ≫ Email Security Appliance Version9.0.5-000
Cisco ≫ Email Security Appliance Version9.1.0-032
Cisco ≫ Email Security Appliance Version9.6.0-042
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.1% | 0.771 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.