CVE-2018-15453

A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA.

CVSS v3 8.6 HIGH
CVSS v2.0 7.8 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/106511	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:email_security_appliance_firmware:11.0.1-401:::::::*
	cpe:2.3:o:cisco:email_security_appliance_firmware:11.1.0-131:::::::*

History

No history.

Information

Published : 2019-01-10 18:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-15453

Mitre link : CVE-2018-15453

CVE.ORG link : CVE-2018-15453

JSON object : View

Products Affected

cisco

email_security_appliance_firmware

CWE

CWE-787

Out-of-bounds Write

CWE-20

Improper Input Validation

{"id": "CVE-2018-15453", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2019-01-10T18:29:00.500", "references": [{"url": "http://www.securityfocus.com/bid/106511", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA."}, {"lang": "es", "value": "Una vulnerabilidad en el descifrado de S/MIME (Secure/Multipurpose Internet Mail Extensions) y la verificaci\u00f3n de caracter\u00edsticas de recopilaci\u00f3n de claves p\u00fablicas de S/MIME de Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) podr\u00eda permitir que un atacante remoto no autenticado provoque que el dispositivo afectado corrompa la memoria del sistema. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el proceso de filtrado se recargue, provocando una denegaci\u00f3n de servicio (DoS) en el dispositivo. La vulnerabilidad se debe a una validaci\u00f3n de entradas incorrecta de los correos electr\u00f3nicos firmados por S/MIME. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un correo electr\u00f3nico firmado por S/MIME a trav\u00e9s de un dispositivo objetivo. Si el descifrado y la verificaci\u00f3n o la recopilaci\u00f3n de claves p\u00fablicas est\u00e1n configurados, el proceso de filtrado podr\u00eda cerrarse inesperadamente debido a la corrupci\u00f3n de memoria y reiniciarse, lo que resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). As\u00ed, el software podr\u00eda continuar el procesamiento del mismo correo firmado por S/MIME, provocando que el proceso de filtrado se cierre inesperadamente y se reinicie de nuevo. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) permanente. Esta vulnerabilidad podr\u00eda requerir intervenci\u00f3n manual para recuperar ESA."}], "lastModified": "2020-09-16T14:13:44.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:11.0.1-401:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC320954-4C6F-4E31-BF7C-F907891E2E6F"}, {"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:11.1.0-131:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F97ED5E-C7B2-4DA7-A6F9-9CE6C210E184"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}