ID

VAR-202001-1194


CVE

CVE-2020-3134


TITLE

Cisco Email Security Appliance Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-001458

DESCRIPTION

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0. AsyncOS Software is a set of operating systems running on it

Trust: 1.8

sources: NVD: CVE-2020-3134 // JVNDB: JVNDB-2020-001458 // VULHUB: VHN-181259 // VULMON: CVE-2020-3134

AFFECTED PRODUCTS

vendor: cisco, model: email security appliance, scope: lt, version: 13.0

Trust: 1.0

vendor: Cisco Systems, model: Cisco Email Security Appliance, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: Cisco Email Security Appliance, scope: lt, version: cisco e email security appliance 13.0

Trust: 0.8

vendor: cisco, model: email security appliance, scope: eq, version: 9.7.1-hp2-207

Trust: 0.6

vendor: cisco, model: email security appliance, scope: eq, version: 12.0.0-419

Trust: 0.6

vendor: cisco, model: email security appliance, scope: eq, version: 9.8.5-085

Trust: 0.6

vendor: cisco, model: email security appliance, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: email security appliance, scope: eq, version: 11.1.8-076

Trust: 0.6

vendor: cisco, model: email security appliance, scope: eq, version: 12.5.1-031

Trust: 0.6

sources: JVNDB: JVNDB-2020-001458 // CNNVD: CNNVD-202001-1127 // NVD: CVE-2020-3134

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3134
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3134
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3134
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-1127
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181259
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3134
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3134
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-181259
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2020-3134
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3134
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-181259 // VULMON: CVE-2020-3134 // JVNDB: JVNDB-2020-001458 // CNNVD: CNNVD-202001-1127 // NVD: CVE-2020-3134 // NVD: CVE-2020-3134

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181259 // JVNDB: JVNDB-2020-001458 // NVD: CVE-2020-3134

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1127

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-1127

PATCH

title: cisco-sa-esa-dos-87mBkc8n, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-87mBkc8n

Trust: 0.8

title: Cisco Email Security Appliance AsyncOS Enter the fix for the verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110460

Trust: 0.6

title: Cisco: Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-esa-dos-87mBkc8n

Trust: 0.1

sources: VULMON: CVE-2020-3134 // JVNDB: JVNDB-2020-001458 // CNNVD: CNNVD-202001-1127

EXTERNAL IDS

db: NVD, id: CVE-2020-3134

Trust: 2.6

db: JVNDB, id: JVNDB-2020-001458

Trust: 0.8

db: CNNVD, id: CNNVD-202001-1127

Trust: 0.7

db: AUSCERT, id: ESB-2020.0235

Trust: 0.6

db: VULHUB, id: VHN-181259

Trust: 0.1

db: VULMON, id: CVE-2020-3134

Trust: 0.1

sources: VULHUB: VHN-181259 // VULMON: CVE-2020-3134 // JVNDB: JVNDB-2020-001458 // CNNVD: CNNVD-202001-1127 // NVD: CVE-2020-3134

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-dos-87mbkc8n

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-3134

Trust: 1.4

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-email-sec-xss-ebjxuxwp

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-bypass-5cdv2hma

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-esa-denial-of-service-via-zip-decompression-31411

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0235/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/174934

Trust: 0.1

sources: VULHUB: VHN-181259 // VULMON: CVE-2020-3134 // JVNDB: JVNDB-2020-001458 // CNNVD: CNNVD-202001-1127 // NVD: CVE-2020-3134

SOURCES

db: VULHUB, id: VHN-181259
db: VULMON, id: CVE-2020-3134
db: JVNDB, id: JVNDB-2020-001458
db: CNNVD, id: CNNVD-202001-1127
db: NVD, id: CVE-2020-3134

LAST UPDATE DATE

2024-11-23T21:35:18.913000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181259, date: 2020-01-28T00:00:00
db: VULMON, id: CVE-2020-3134, date: 2020-01-28T00:00:00
db: JVNDB, id: JVNDB-2020-001458, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-202001-1127, date: 2020-03-03T00:00:00
db: NVD, id: CVE-2020-3134, date: 2024-11-21T05:30:23.777

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181259, date: 2020-01-26T00:00:00
db: VULMON, id: CVE-2020-3134, date: 2020-01-26T00:00:00
db: JVNDB, id: JVNDB-2020-001458, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-202001-1127, date: 2020-01-26T00:00:00
db: NVD, id: CVE-2020-3134, date: 2020-01-26T05:15:17.647