Sign-up

ID

VAR-202003-1179


CVE

CVE-2020-3181


TITLE

Cisco Email Security Appliance Resource Management Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-15731 // CNNVD: CNNVD-202003-168

DESCRIPTION

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker could exploit this vulnerability by sending a crafted email through the targeted device. A successful exploit could allow the attacker to cause an email attachment that contains malware to be delivered to a user and cause email processing delays. Cisco Email Security Appliances (ESAs) Exists in a resource exhaustion vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Cisco Email Security Appliance (ESA) is an email security appliance from Cisco Corporation in the United States. AsyncOS Software is a set of operating systems running on it

Trust: 2.25

sources: NVD: CVE-2020-3181 // JVNDB: JVNDB-2020-002420 // CNVD: CNVD-2020-15731 // VULHUB: VHN-181306

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-15731

AFFECTED PRODUCTS

vendor:ciscomodel:email security appliancescope:ltversion:13.0.0

Trust: 1.0

vendor:ciscomodel:e email security appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:email security appliancescope: - version: -

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:9.7.1-hp2-207

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:12.0.0-419

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion: -

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:13.0

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:9.8.5-085

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:12.5.1-037

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:11.1.8-076

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:12.5.1-031

Trust: 0.6

sources: CNVD: CNVD-2020-15731 // JVNDB: JVNDB-2020-002420 // CNNVD: CNNVD-202003-168 // NVD: CVE-2020-3181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3181
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3181
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002420
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-15731
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-168
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181306
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3181
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002420
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-15731
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181306
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3181
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3181
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002420
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-15731 // VULHUB: VHN-181306 // JVNDB: JVNDB-2020-002420 // CNNVD: CNNVD-202003-168 // NVD: CVE-2020-3181 // NVD: CVE-2020-3181

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-181306 // JVNDB: JVNDB-2020-002420 // NVD: CVE-2020-3181

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-168

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202003-168

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002420

PATCH
title:cisco-sa-esa-resource-exhaust-D7RQAhnDurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-resource-exhaust-D7RQAhnD
Trust: 0.8
title:Patch for Cisco Email Security Appliance Resource Management Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/207435
Trust: 0.6
title:Cisco Email Security Appliance Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111105
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-15731 // 
            
            
            
            JVNDB: JVNDB-2020-002420 // 
            
            
            
            CNNVD: CNNVD-202003-168

EXTERNAL IDS
db:NVDid:CVE-2020-3181
Trust: 3.1
db:JVNDBid:JVNDB-2020-002420
Trust: 0.8
db:CNNVDid:CNNVD-202003-168
Trust: 0.7
db:CNVDid:CNVD-2020-15731
Trust: 0.6
db:AUSCERTid:ESB-2020.0801.2
Trust: 0.6
db:VULHUBid:VHN-181306
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-15731 // 
            
            
            
            VULHUB: VHN-181306 // 
            
            
            
            JVNDB: JVNDB-2020-002420 // 
            
            
            
            CNNVD: CNNVD-202003-168 // 
            
            
            
            NVD: CVE-2020-3181

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-resource-exhaust-d7rqahnd
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-3181
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3181
Trust: 0.8
url:https://vigilance.fr/vulnerability/cisco-esa-overload-via-amp-31728
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0801.2/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-15731 // 
            
            
            
            VULHUB: VHN-181306 // 
            
            
            
            JVNDB: JVNDB-2020-002420 // 
            
            
            
            CNNVD: CNNVD-202003-168 // 
            
            
            
            NVD: CVE-2020-3181

SOURCES
db:CNVDid:CNVD-2020-15731
db:VULHUBid:VHN-181306
db:JVNDBid:JVNDB-2020-002420
db:CNNVDid:CNNVD-202003-168
db:NVDid:CVE-2020-3181

LAST UPDATE DATE
2024-11-23T21:36:02.272000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-15731date:2020-03-06T00:00:00
db:VULHUBid:VHN-181306date:2020-03-05T00:00:00
db:JVNDBid:JVNDB-2020-002420date:2020-03-16T00:00:00
db:CNNVDid:CNNVD-202003-168date:2020-03-13T00:00:00
db:NVDid:CVE-2020-3181date:2024-11-21T05:30:29.790

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-15731date:2020-03-06T00:00:00
db:VULHUBid:VHN-181306date:2020-03-04T00:00:00
db:JVNDBid:JVNDB-2020-002420date:2020-03-16T00:00:00
db:CNNVDid:CNNVD-202003-168date:2020-03-04T00:00:00
db:NVDid:CVE-2020-3181date:2020-03-04T19:15:13.167