CVE-2022-20653

{"id": "CVE-2022-20653", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-02-17T15:15:09.377", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling in DNS name resolution by the affected software. An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device. A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition. Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el componente de verificaci\u00f3n de correo electr\u00f3nico DANE (DNS-based Authentication of Named Entities) del software Cisco AsyncOS para Cisco Email Security Appliance (ESA) podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad es debido a un manejo insuficiente de errores en la resoluci\u00f3n de nombres DNS por parte del software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de mensajes de correo electr\u00f3nico con un formato especial que sean procesados por un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar a el dispositivo volverse inalcanzable desde las interfaces de administraci\u00f3n o procesar mensajes de correo electr\u00f3nico adicionales durante un per\u00edodo de tiempo hasta que el dispositivo sea recuperado, resultando en una condici\u00f3n de DoS. Los ataques continuados podr\u00edan causar que el dispositivo quedara completamente inaccesible, resultando en una condici\u00f3n de DoS persistente"}], "lastModified": "2023-11-07T03:42:32.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4B4174B-CF51-4C89-A45D-98D2373F7A68", "versionEndExcluding": "13.0.3"}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97F7EB41-5A39-41A4-A652-1446DB2CFAE1", "versionEndExcluding": "13.5.4.102", "versionStartIncluding": "13.5.0"}, {"criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E678E750-A5A0-4450-A856-A6A30F204A85", "versionEndExcluding": "14.0.2.020", "versionStartIncluding": "14.0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}