CVE-2020-3132

MEDIUM

Cisco Email Security Appliance < 12.5.1-037 - Unauthenticated Denial of Service via Malicious Email with Shortened URLs

Title source: llm

Description

A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-shrt-dos-wM54R8qA

Scores

CVSS v3 5.9

EPSS 0.0091

EPSS Percentile 76.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (2)

cisco/cloud_email_security < 12.5.1-037

cisco/email_security_appliance < 12.5.1-037

Published Feb 19, 2020

Tracked Since Feb 18, 2026