PT-2021-4953 · Cisco · Cisco Asyncos
Published: 2021-11-04 · Updated: 2022-10-27
CVE-2021-34741
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Email Security Appliance (ESA) (affected versions not specified)
Description
The issue is related to insufficient input validation of incoming emails in the email scanning algorithm of Cisco AsyncOS software. This could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device by sending a crafted email. A successful exploit could exhaust all available CPU resources on an affected device for an extended period, preventing other emails from being processed and resulting in a DoS condition.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Allocation of Resources Without Limits
RCE
Related Identifiers
Affected Products
Cisco Asyncos
Cisco Email Security Appliance