CVE-2018-15453

Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (ESA) (affected versions not specified)

Description The issue is related to improper input validation of S/MIME-signed emails in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software. This could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the device by sending a malicious S/MIME-signed email, potentially leading to a permanent DoS condition. The filtering process may crash and restart due to memory corruption, requiring manual intervention to recover the ESA.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.