PT-2020-1826 · Cisco · Cisco Asyncos

Published 2020-03-04 · Updated 2020-03-05 · CVE-2020-3181

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) (affected versions not specified)

Description

A vulnerability in the malware detection functionality could allow an unauthenticated remote attacker to exhaust resources on an affected device. The issue is due to insufficient control over system memory allocation. An attacker could exploit this by sending a crafted email through the targeted device, potentially causing email processing delays and allowing malware to be delivered to a user.

Recommendations

For Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs), consider implementing additional security measures to restrict the impact of crafted emails until a fix is available. As a temporary workaround, consider enhancing email filtering to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2020-01091
CVE-2020-3181

Affected Products

Cisco Asyncos