Vulnerability Description
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | AsyncOS | < 13.0.4 |
| Cisco | M170 | - |
| Cisco | M190 | - |
| Cisco | M380 | - |
| Cisco | M390 | - |
| Cisco | M390X | - |
| Cisco | M680 | - |
| Cisco | M690 | - |
| Cisco | M690X | - |
| Cisco | S195 | - |
| Cisco | S395 | - |
| Cisco | S695 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-e (Vendor Advisory)
FAQ
What is CVE-2021-34741?
CVE-2021-34741 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) ...
How severe is CVE-2021-34741?
CVE-2021-34741 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-34741?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco AsyncOS, Cisco M170, Cisco M190, Cisco M380, Cisco M390.