Sign-up

ID

VAR-202202-1728


CVE

CVE-2022-20653


TITLE

Cisco Email  for security appliances  Cisco AsyncOS  Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-005869

DESCRIPTION

A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling in DNS name resolution by the affected software. An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device. A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition. Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition

Trust: 1.8

sources: NVD: CVE-2022-20653 // JVNDB: JVNDB-2022-005869 // VULHUB: VHN-405206 // VULMON: CVE-2022-20653

AFFECTED PRODUCTS

vendor:ciscomodel:asyncosscope:ltversion:13.5.4.102

Trust: 1.0

vendor:ciscomodel:asyncosscope:ltversion:13.0.3

Trust: 1.0

vendor:ciscomodel:asyncosscope:gteversion:13.5.0

Trust: 1.0

vendor:ciscomodel:asyncosscope:gteversion:14.0

Trust: 1.0

vendor:ciscomodel:asyncosscope:ltversion:14.0.2.020

Trust: 1.0

vendor:シスコシステムズmodel:cisco asyncosscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco asyncosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-005869 // NVD: CVE-2022-20653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20653
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20653
value: HIGH

Trust: 1.0

NVD: CVE-2022-20653
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202202-1312
value: HIGH

Trust: 0.6

VULHUB: VHN-405206
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20653
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20653
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405206
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20653
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-20653
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405206 // VULMON: CVE-2022-20653 // JVNDB: JVNDB-2022-005869 // CNNVD: CNNVD-202202-1312 // NVD: CVE-2022-20653 // NVD: CVE-2022-20653

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005869 // NVD: CVE-2022-20653

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1312

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-1312

PATCH

title:cisco-sa-esa-dos-MxZvGtgUurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU

Trust: 0.8

title:Cisco Email Security Appliance Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183896

Trust: 0.6

title:Cisco: Cisco Email Security Appliance DNS Verification Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-esa-dos-MxZvGtgU

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20653 // JVNDB: JVNDB-2022-005869 // CNNVD: CNNVD-202202-1312

EXTERNAL IDS

db:NVDid:CVE-2022-20653

Trust: 3.4

db:JVNDBid:JVNDB-2022-005869

Trust: 0.8

db:CS-HELPid:SB2022021621

Trust: 0.6

db:AUSCERTid:ESB-2022.0688.3

Trust: 0.6

db:CNNVDid:CNNVD-202202-1312

Trust: 0.6

db:CNVDid:CNVD-2022-13368

Trust: 0.1

db:VULHUBid:VHN-405206

Trust: 0.1

db:VULMONid:CVE-2022-20653

Trust: 0.1

sources: VULHUB: VHN-405206 // VULMON: CVE-2022-20653 // JVNDB: JVNDB-2022-005869 // CNNVD: CNNVD-202202-1312 // NVD: CVE-2022-20653

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-dos-mxzvgtgu

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20653

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-email-security-appliance-denial-of-service-via-email-dane-dns-verification-37580

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021621

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0688.3

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405206 // VULMON: CVE-2022-20653 // JVNDB: JVNDB-2022-005869 // CNNVD: CNNVD-202202-1312 // NVD: CVE-2022-20653

SOURCES

db:VULHUBid:VHN-405206
db:VULMONid:CVE-2022-20653
db:JVNDBid:JVNDB-2022-005869
db:CNNVDid:CNNVD-202202-1312
db:NVDid:CVE-2022-20653

LAST UPDATE DATE

2024-11-23T21:32:47.303000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405206date:2022-02-25T00:00:00
db:VULMONid:CVE-2022-20653date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-005869date:2023-06-16T02:27:00
db:CNNVDid:CNNVD-202202-1312date:2022-03-10T00:00:00
db:NVDid:CVE-2022-20653date:2024-11-21T06:43:14.950

SOURCES RELEASE DATE

db:VULHUBid:VHN-405206date:2022-02-17T00:00:00
db:VULMONid:CVE-2022-20653date:2022-02-17T00:00:00
db:JVNDBid:JVNDB-2022-005869date:2023-06-16T00:00:00
db:CNNVDid:CNNVD-202202-1312date:2022-02-16T00:00:00
db:NVDid:CVE-2022-20653date:2022-02-17T15:15:09.377