Cisco Bug: CSCuw32211 - Cisco Email Security Appliance Max Files Denial of Service Vulnerability

Last Modified

Mar 07, 2018

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

8.5.6-106, 9.6.0-042

Description (partial)

Symptom:
A vulnerability in file descriptor handling of the Cisco Email Security Appliance (ESA) could 
allow an authenticated, remote attacker to cause a denial of service (DoS) condition due to 
the affected device unexpectedly reloading.

The vulnerability is due to failure to release file descriptors when the requested file action 
is completed. An attacker could exploit this vulnerability by sending a crafted HTTP request to 
the affected device. An exploit could allow the attacker to cause a DoS condition due to the 
affected device failing to release file descriptors. When all file descriptors are in use, the 
device can reload unexpectedly.

Conditions:
A device running the default configuration and a software version greater than
7.6.3.
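
The defect class described under Symptom, shown as an added example that is not Cisco's code: a handler that keeps its descriptor after the file action completes, the corrected form, and a regression check that measures descriptor growth per request. The handler names, `fd_growth`, and the `/dev/null` input are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Count descriptors open in this process by probing each slot with fcntl(). */
int count_open_fds(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    int max = rl.rlim_cur > 4096 ? 4096 : (int)rl.rlim_cur; /* cap the probe */
    int open_count = 0;
    for (int fd = 0; fd < max; fd++)
        if (fcntl(fd, F_GETFD) != -1) open_count++;
    return open_count;
}

/* Hypothetical handler with the defect: the action completes, fd is kept. */
long serve_file_leaky(const char *path) {
    char buf[256];
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    return (long)read(fd, buf, sizeof buf);   /* BUG: no close(fd) */
}

/* Corrected handler: the descriptor is released on every path after open(). */
long serve_file_fixed(const char *path) {
    char buf[256];
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    long n = (long)read(fd, buf, sizeof buf);
    close(fd);
    return n;
}

/* Regression check: net descriptors left open after `requests` handler calls. */
int fd_growth(long (*handler)(const char *), int requests) {
    int before = count_open_fds();
    for (int i = 0; i < requests; i++)
        handler("/dev/null");                 /* constructed sample input */
    return count_open_fds() - before;
}

int main(void) {
    printf("leaky handler: +%d fds after 20 requests\n", fd_growth(serve_file_leaky, 20));
    printf("fixed handler: +%d fds after 20 requests\n", fd_growth(serve_file_fixed, 20));
    return 0;
}
```

A growth value that scales with the request count is the signature of this bug; the same count compared against `RLIMIT_NOFILE` gives a monitoring threshold before the process runs out of descriptors.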