====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN270
_____________________________________________________________________

DATE                : 21/09/2017

HARDWARE PLATFORM(S): Cisco Email Security Appliance.

OPERATING SYSTEM(S): Cisco AsyncOS Software for Cisco Email Security
                                      Appliances.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa
____________________________________________________________________

Cisco Security Advisory: Cisco Email Security Appliance Denial of
Service Vulnerability

Advisory ID: cisco-sa-20170920-esa

Revision: 1.0

For Public Release: 2017 September 20 16:00 GMT

Last Updated: 2017 September 20 16:00 GMT

CVE ID(s): CVE-2017-12215

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the email message filtering feature of Cisco AsyncOS
Software for the Cisco Email Security Appliance could allow an
unauthenticated, remote attacker to cause an affected device to run out
of memory and stop scanning and forwarding email messages. When system
memory is depleted, it can cause the filtering process to crash,
resulting in a denial of service (DoS) condition on the device.

The vulnerability is due to improper input validation of email
attachments that contain corrupted fields. An attacker could exploit
this vulnerability by sending an email message with an attachment that
contains corrupted fields through a targeted device. When the affected
software filters the attachment, the filtering process could crash when
the system runs out of memory and the process restarts, resulting in a
DoS condition. After the filtering process restarts, the software
resumes filtering for the same attachment, causing the filtering
process to crash and restart again. A successful exploit could allow
the attacker to cause a repeated DoS condition.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa"]


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================