PT-2020-1761 · Cisco · Cisco Asyncos+1

Published: 2020-02-19 · Updated: 2020-02-27 · CVE-2020-3132

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Email Security Appliance (affected versions not specified)

Description

The issue is related to the email message scanning feature of Cisco AsyncOS Software, which is prone to an uncontrolled consumption of resources. This could allow a remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components, such as a high number of shortened URLs. An attacker could exploit this by sending a malicious email through an affected device, consuming processing resources and causing a DoS condition.

Recommendations

To resolve the issue, update the Cisco AsyncOS Software to a version that includes the fix for this problem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2020-01001
CVE-2020-3132

Affected Products

Cisco Asyncos
Cisco Email Security Appliance