PT-2015-6496 · Cisco · Cisco Email Security Appliance

Publicado

2015-07-16

Atualizado

2018-10-30

CVE-2015-4278

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (ESA) devices version 8.5.6-106 Cisco Email Security Appliance (ESA) devices version 9.5.0-201

Description The issue allows remote attackers to cause a denial of service, resulting in a per-domain email reception outage. This can be achieved by placing malformed DMARC policy data in DNS TXT records for a domain.

Recommendations For version 8.5.6-106, update the software to a version that fixes the issue. For version 9.5.0-201, update the software to a version that fixes the issue. As a temporary workaround, consider restricting access to DNS TXT records to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2015-4278

Produtos afetados

Cisco Email Security Appliance

PT-2015-6496 · Cisco · Cisco Email Security Appliance

CVE-2015-4278

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3