PT-2015-6476 · Cisco · Cisco Asyncos+1

Publicado

2015-07-10

Atualizado

2018-10-30

CVE-2015-4236

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS on Email Security Appliance (ESA) devices versions 8.5.6-073 through 8.5.6-074 Cisco AsyncOS on Email Security Appliance (ESA) devices version 9.0.0-461

Description The issue allows remote attackers to cause a denial of service, resulting in clustering and SSH outage, via a packet flood when clustering is enabled.

Recommendations For versions 8.5.6-073 and 8.5.6-074, consider disabling clustering as a temporary workaround until a patch is available. For version 9.0.0-461, consider restricting SSH access to minimize the risk of exploitation. As a general mitigation measure, implement rate limiting on incoming packets to prevent flooding.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2015-4236

Produtos afetados

Cisco Asyncos

Email Security Appliance

PT-2015-6476 · Cisco · Cisco Asyncos+1

CVE-2015-4236

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4