Cisco Bug: CSCuw32211 - Cisco Email Security Appliance Max Files Denial of Service Vulnerability
Mar 07, 2018
- Cisco Email Security Appliance
Known Affected Releases
Symptom: A vulnerability in file descriptor handling of the Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition due to the affected device unexpectedly reloading. The vulnerability is due to failure to release file descriptors when the requested file action is completed. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition due to the affected device failing to release file descriptors. When all file descriptors are in use the device can reload unexpectedly Conditions: Device running with default configuration running a software version which is greater than 7.6.3.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases