var-201709-0678
Vulnerability from variot
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354. Vendors have confirmed this vulnerability Bug ID CSCvd29354 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. AsyncOS Software is the operating system used in it. The following releases are affected: Cisco AsyncOS Software Release 9.0, Release 9.1, Release 9.6, Release 9.7, Release 9.8, Release 10.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0678",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.8"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.2"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ironport messaging gateway appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "x10709.7.2-065"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.2-065"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.1-087"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.0-203"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.8.1-015"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0.0-264"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.2-020"
}
],
"sources": [
{
"db": "BID",
"id": "100920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:asyncos:9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:asyncos:9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:asyncos:9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:asyncos:9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:asyncos:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:asyncos:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:asyncos:9.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12215"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "100920"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12215",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-12215",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-102715",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-12215",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12215",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1039",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102715",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-12215",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354. Vendors have confirmed this vulnerability Bug ID CSCvd29354 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. AsyncOS Software is the operating system used in it. The following releases are affected: Cisco AsyncOS Software Release 9.0, Release 9.1, Release 9.6, Release 9.7, Release 9.8, Release 10.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12215"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "BID",
"id": "100920"
},
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "VULMON",
"id": "CVE-2017-12215"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12215",
"trust": 2.9
},
{
"db": "BID",
"id": "100920",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1039414",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102715",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-12215",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"db": "BID",
"id": "100920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
]
},
"id": "VAR-201709-0678",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102715"
}
],
"trust": 0.6885088899999999
},
"last_update_date": "2023-12-18T13:19:21.145000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170920-esa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170920-esa"
},
{
"title": "Cisco Email Security Appliance AsyncOS Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75053"
},
{
"title": "Cisco: Cisco Email Security Appliance Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170920-esa"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170920-esa"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/100920"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1039414"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12215"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12215"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"db": "BID",
"id": "100920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"db": "BID",
"id": "100920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-102715"
},
{
"date": "2017-09-21T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"date": "2017-09-20T00:00:00",
"db": "BID",
"id": "100920"
},
{
"date": "2017-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"date": "2017-09-21T05:29:00.277000",
"db": "NVD",
"id": "CVE-2017-12215"
},
{
"date": "2017-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102715"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"date": "2017-09-20T00:00:00",
"db": "BID",
"id": "100920"
},
{
"date": "2017-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"date": "2019-10-09T23:22:29.450000",
"db": "NVD",
"id": "CVE-2017-12215"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Email Security Appliance for AsyncOS Software input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.