PT-2020-1574 · Cisco · Cisco AsyncOS +1

Published: 2020-01-22 · Updated: 2020-01-28 · CVE-2020-3134

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Cisco AsyncOS Software for Cisco Email Security Appliance versions prior to 13.0

Description

A vulnerability in the zip decompression engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue is due to improper validation of zip files. An attacker could exploit this by sending an email message with a crafted zip-compressed attachment, potentially triggering a restart of the content-scanning process and causing a temporary DoS condition.

Recommendations

For versions prior to 13.0, update to version 13.0 or later to resolve the issue. As a temporary workaround, consider restricting the handling of zip-compressed attachments to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-00615
CVE-2020-3134

Affected Products

Cisco AsyncOS
Cisco Email Security Appliance