var-202003-1177
Vulnerability from variot
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded. are all products of Cisco in the United States. The device is mainly used to manage all strategies, reports, audit information, etc. of e-mail and Web security devices. AsyncOS Software is a set of operating systems running in it. The device provides SaaS-based access control, real-time network reporting and tracking, and formulating security policies.
AsyncOS web management interface in many Cisco products has an input verification error vulnerability, which stems from the failure to properly verify the HTTP request header. The following products and versions are affected: Cisco ESA 13.0.0-392 and earlier (Release); Cisco Cloud Email Security 13.0.0-392 and earlier (Release); Cisco WSA 12.0.1-268 and earlier (Release) ; Cisco SMA 13.6.0 and earlier versions (Release)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1177",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cloud email security",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "13.0.0-392"
},
{
"model": "web security appliance",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0.1-268"
},
{
"model": "email security appliance",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "13.0.0-392"
},
{
"model": "content security management appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "13.6.0"
},
{
"model": "cloud email security",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "content security management appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=13.0.0-392"
},
{
"model": "cloud email security",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=13.0.0-392"
},
{
"model": "web security appliance",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=12.0.1-268"
},
{
"model": "content security management appliance",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=13.6.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32909"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002425"
},
{
"db": "NVD",
"id": "CVE-2020-3164"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:cloud_email_security:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0.0-392",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:content_security_management_appliance:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0.0-392",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.0.1-268",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3164"
}
]
},
"cve": "CVE-2020-3164",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002425",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-32909",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-181289",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002425",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-3164",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3164",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-002425",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-32909",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-184",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-181289",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32909"
},
{
"db": "VULHUB",
"id": "VHN-181289"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002425"
},
{
"db": "NVD",
"id": "CVE-2020-3164"
},
{
"db": "NVD",
"id": "CVE-2020-3164"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-184"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded. are all products of Cisco in the United States. The device is mainly used to manage all strategies, reports, audit information, etc. of e-mail and Web security devices. AsyncOS Software is a set of operating systems running in it. The device provides SaaS-based access control, real-time network reporting and tracking, and formulating security policies. \n\r\n\r\nAsyncOS web management interface in many Cisco products has an input verification error vulnerability, which stems from the failure to properly verify the HTTP request header. The following products and versions are affected: Cisco ESA 13.0.0-392 and earlier (Release); Cisco Cloud Email Security 13.0.0-392 and earlier (Release); Cisco WSA 12.0.1-268 and earlier (Release) ; Cisco SMA 13.6.0 and earlier versions (Release)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3164"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002425"
},
{
"db": "CNVD",
"id": "CNVD-2020-32909"
},
{
"db": "VULHUB",
"id": "VHN-181289"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3164",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002425",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-184",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-32909",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0800",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47392",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-181289",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32909"
},
{
"db": "VULHUB",
"id": "VHN-181289"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002425"
},
{
"db": "NVD",
"id": "CVE-2020-3164"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-184"
}
]
},
"id": "VAR-202003-1177",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32909"
},
{
"db": "VULHUB",
"id": "VHN-181289"
}
],
"trust": 1.1339435199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32909"
}
]
},
"last_update_date": "2023-12-18T13:47:34.543000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-cont-sec-gui-dos-nJ625dXb",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cont-sec-gui-dos-nj625dxb"
},
{
"title": "Patch for Multiple Cisco products AsyncOS input verification error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/221575"
},
{
"title": "Multiple Cisco product AsyncOS Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111118"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32909"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002425"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-184"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181289"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002425"
},
{
"db": "NVD",
"id": "CVE-2020-3164"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3164"
},
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cont-sec-gui-dos-nj625dxb"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3164"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-asyncos-overload-via-http-request-headers-31727"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0800/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47392"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32909"
},
{
"db": "VULHUB",
"id": "VHN-181289"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002425"
},
{
"db": "NVD",
"id": "CVE-2020-3164"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-184"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-32909"
},
{
"db": "VULHUB",
"id": "VHN-181289"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002425"
},
{
"db": "NVD",
"id": "CVE-2020-3164"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-184"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-32909"
},
{
"date": "2020-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-181289"
},
{
"date": "2020-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002425"
},
{
"date": "2020-03-04T19:15:12.930000",
"db": "NVD",
"id": "CVE-2020-3164"
},
{
"date": "2020-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-184"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-32909"
},
{
"date": "2020-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-181289"
},
{
"date": "2020-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002425"
},
{
"date": "2020-03-05T16:36:47.640000",
"db": "NVD",
"id": "CVE-2020-3164"
},
{
"date": "2020-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-184"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-184"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002425"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-184"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.