CVE-2020-3164 — MEDIUM (5.3)

Q: How severe is CVE-2020-3164?

CVE-2020-3164 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-3164?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Cloud Email Security, Cisco Content Security Management Appliance, Cisco Email Security Appliance, Cisco Web Security Appliance.

Vulnerability Description

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Cisco	Cloud Email Security	<= 13.0.0-392
Cisco	Content Security Management Appliance	< 13.6.0
Cisco	Email Security Appliance	<= 13.0.0-392
Cisco	Web Security Appliance	<= 12.0.1-268

Related Weaknesses (CWE)

CWE-20

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cVendor Advisory

FAQ

What is CVE-2020-3164?

CVE-2020-3164 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SM...

How severe is CVE-2020-3164?

CVE-2020-3164 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3164?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Cloud Email Security, Cisco Content Security Management Appliance, Cisco Email Security Appliance, Cisco Web Security Appliance.