Sign-up

ID

VAR-202009-0513


CVE

CVE-2019-1947


TITLE

Cisco Email Security Appliance  for  Cisco AsyncOS  Software input verification vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-011708

DESCRIPTION

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA. AsyncOS Software is a set of operating systems running on it

Trust: 2.25

sources: NVD: CVE-2019-1947 // JVNDB: JVNDB-2020-011708 // CNVD: CNVD-2020-14325 // VULHUB: VHN-151919

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14325

AFFECTED PRODUCTS

vendor:ciscomodel:email security appliancescope:eqversion:11.1.0-131

Trust: 1.0

vendor:ciscomodel:asyncosscope:eqversion:12.1.0-085

Trust: 1.0

vendor:シスコシステムズmodel:cisco e メール セキュリティ アプライアンスscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco asyncosscope: - version: -

Trust: 0.8

vendor:ciscomodel:email security appliance asyncos softwarescope:eqversion:12.1.0-085

Trust: 0.6

vendor:ciscomodel:email security appliance asyncos softwarescope:eqversion:11.1.0-131

Trust: 0.6

sources: CNVD: CNVD-2020-14325 // JVNDB: JVNDB-2020-011708 // NVD: CVE-2019-1947

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1947
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1947
value: HIGH

Trust: 1.0

NVD: CVE-2019-1947
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-14325
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-987
value: HIGH

Trust: 0.6

VULHUB: VHN-151919
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1947
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-14325
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-151919
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1947
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1947
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2020-14325 // VULHUB: VHN-151919 // JVNDB: JVNDB-2020-011708 // CNNVD: CNNVD-202002-987 // NVD: CVE-2019-1947 // NVD: CVE-2019-1947

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-151919 // JVNDB: JVNDB-2020-011708 // NVD: CVE-2019-1947

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-987

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-987

PATCH

title:cisco-sa-20200219-esa-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-esa-dos

Trust: 0.8

title:Patch for Cisco Email Security Appliance AsyncOS Input Validation Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/205521

Trust: 0.6

title:Cisco Email Security Appliance AsyncOS Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110239

Trust: 0.6

sources: CNVD: CNVD-2020-14325 // JVNDB: JVNDB-2020-011708 // CNNVD: CNNVD-202002-987

EXTERNAL IDS

db:NVDid:CVE-2019-1947

Trust: 3.1

db:JVNDBid:JVNDB-2020-011708

Trust: 0.8

db:CNNVDid:CNNVD-202002-987

Trust: 0.7

db:CNVDid:CNVD-2020-14325

Trust: 0.6

db:AUSCERTid:ESB-2020.0619

Trust: 0.6

db:VULHUBid:VHN-151919

Trust: 0.1

sources: CNVD: CNVD-2020-14325 // VULHUB: VHN-151919 // JVNDB: JVNDB-2020-011708 // CNNVD: CNNVD-202002-987 // NVD: CVE-2019-1947

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200219-esa-dos

Trust: 2.3

url:https://vigilance.fr/vulnerability/cisco-esa-infinite-loop-via-large-email-attachments-31638

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1947

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0619/

Trust: 0.6

sources: CNVD: CNVD-2020-14325 // VULHUB: VHN-151919 // JVNDB: JVNDB-2020-011708 // CNNVD: CNNVD-202002-987 // NVD: CVE-2019-1947

SOURCES

db:CNVDid:CNVD-2020-14325
db:VULHUBid:VHN-151919
db:JVNDBid:JVNDB-2020-011708
db:CNNVDid:CNNVD-202002-987
db:NVDid:CVE-2019-1947

LAST UPDATE DATE

2024-11-23T22:29:29.293000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-14325date:2020-02-28T00:00:00
db:VULHUBid:VHN-151919date:2020-10-01T00:00:00
db:JVNDBid:JVNDB-2020-011708date:2021-04-12T06:09:00
db:CNNVDid:CNNVD-202002-987date:2020-10-09T00:00:00
db:NVDid:CVE-2019-1947date:2024-11-21T04:37:44.757

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-14325date:2020-02-28T00:00:00
db:VULHUBid:VHN-151919date:2020-09-23T00:00:00
db:JVNDBid:JVNDB-2020-011708date:2021-04-12T00:00:00
db:CNNVDid:CNNVD-202002-987date:2020-02-19T00:00:00
db:NVDid:CVE-2019-1947date:2020-09-23T01:15:14.520