ID

VAR-202009-0495


CVE

CVE-2019-1983


TITLE

Cisco Content Security Management Appliance and Cisco Email Security Appliance Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-14806 // CNNVD: CNNVD-202002-989

DESCRIPTION

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation. This device is mainly used to manage the policies, reports, audit information, etc. of email and web security devices. AsyncOS Software is the operating system that runs on it.

Trust: 2.25

sources: NVD: CVE-2019-1983 // JVNDB: JVNDB-2020-011709 // CNVD: CNVD-2020-14806 // VULHUB: VHN-152315

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14806

AFFECTED PRODUCTS

vendor: cisco, model: asyncos, scope: gte, version: 12.0

Trust: 1.0

vendor: cisco, model: content security management appliance, scope: eq, version: 11.4.0-812

Trust: 1.0

vendor: cisco, model: asyncos, scope: lte, version: 12.5.0-633

Trust: 1.0

vendor: cisco, model: email security appliance, scope: eq, version: 11.0.1-hp5-602

Trust: 1.0

vendor: cisco, model: email security appliance, scope: eq, version: 11.1.0-404

Trust: 1.0

vendor: cisco, model: asyncos, scope: lt, version: 11.0.3-251

Trust: 1.0

vendor: cisco, model: asyncos, scope: lt, version: 11.0.1-161

Trust: 1.0

vendor: cisco, model: asyncos, scope: lt, version: 12.5.0-059

Trust: 1.0

vendor: Cisco Systems, model: Cisco Content Security Management Appliance, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: Cisco Email Security Appliance, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: Cisco AsyncOS, scope: -, version: -

Trust: 0.8

vendor: cisco, model: content security management appliance, scope: -, version: -

Trust: 0.6

vendor: cisco, model: email security appliance, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-14806 // JVNDB: JVNDB-2020-011709 // NVD: CVE-2019-1983

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1983
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1983
value: HIGH

Trust: 1.0

NVD: CVE-2019-1983
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-14806
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-989
value: MEDIUM

Trust: 0.6

VULHUB: VHN-152315
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1983
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-14806
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-152315
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1983
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1983
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-1983
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14806 // VULHUB: VHN-152315 // JVNDB: JVNDB-2020-011709 // CNNVD: CNNVD-202002-989 // NVD: CVE-2019-1983 // NVD: CVE-2019-1983

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: Improper Input Validation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-152315 // JVNDB: JVNDB-2020-011709 // NVD: CVE-2019-1983

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-989

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-989

PATCH

title: cisco-sa-20200219-esa-sma-dos
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-esa-sma-dos

Trust: 0.8

title: Patch for Cisco Content Security Management Appliance and Cisco Email Security Appliance Input Validation Error Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/206247

Trust: 0.6

title: Fix for Cisco Content Security Management Appliance and Cisco Email Security Appliance Input Validation Error Vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110041

Trust: 0.6

sources: CNVD: CNVD-2020-14806 // JVNDB: JVNDB-2020-011709 // CNNVD: CNNVD-202002-989

EXTERNAL IDS

db: NVD, id: CVE-2019-1983

Trust: 3.1

db: JVNDB, id: JVNDB-2020-011709

Trust: 0.8

db: CNNVD, id: CNNVD-202002-989

Trust: 0.7

db: CNVD, id: CNVD-2020-14806

Trust: 0.6

db: AUSCERT, id: ESB-2020.0614

Trust: 0.6

db: VULHUB, id: VHN-152315

Trust: 0.1

sources: CNVD: CNVD-2020-14806 // VULHUB: VHN-152315 // JVNDB: JVNDB-2020-011709 // CNNVD: CNNVD-202002-989 // NVD: CVE-2019-1983

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200219-esa-sma-dos

Trust: 2.3

url:https://vigilance.fr/vulnerability/cisco-esa-csma-denial-of-service-via-email-attachments-31639

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1983

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0614/

Trust: 0.6

sources: CNVD: CNVD-2020-14806 // VULHUB: VHN-152315 // JVNDB: JVNDB-2020-011709 // CNNVD: CNNVD-202002-989 // NVD: CVE-2019-1983

SOURCES

db: CNVD, id: CNVD-2020-14806
db: VULHUB, id: VHN-152315
db: JVNDB, id: JVNDB-2020-011709
db: CNNVD, id: CNNVD-202002-989
db: NVD, id: CVE-2019-1983

LAST UPDATE DATE

2024-11-23T22:16:19.902000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-14806, date: 2020-03-02T00:00:00
db: VULHUB, id: VHN-152315, date: 2020-10-01T00:00:00
db: JVNDB, id: JVNDB-2020-011709, date: 2021-04-12T06:09:00
db: CNNVD, id: CNNVD-202002-989, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-1983, date: 2024-11-21T04:37:49.387

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-14806, date: 2020-03-02T00:00:00
db: VULHUB, id: VHN-152315, date: 2020-09-23T00:00:00
db: JVNDB, id: JVNDB-2020-011709, date: 2021-04-12T00:00:00
db: CNNVD, id: CNNVD-202002-989, date: 2020-02-19T00:00:00
db: NVD, id: CVE-2019-1983, date: 2020-09-23T01:15:14.613