Vigil@nce - Cisco ESA: denial of service via DMARC
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious email with DMARC to Cisco ESA, in
order to trigger a denial of service.
Impacted products: AsyncOS, Cisco ESA.
Severity: 2/4.
Creation date: 16/07/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco Email Security Appliance product can be configured to
use DMARC (Domain-Based Message Authentication, Reporting, and
Conformance).
However, when an email contains a malformed DMARC policy, a fatal
error occurs in Cisco ESA.
An attacker can therefore send a malicious email with DMARC to
Cisco ESA, in order to trigger a denial of service.
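
The bulletin does not say what makes the policy malformed, so the following added example (not code from Vigil@nce or Cisco) goes beyond that specific case and shows the general mitigation: a parser for the tag-value DMARC record syntax of RFC 7489 that turns any malformed input into a "no usable policy" result instead of an unhandled error. The function names, the length limit and the sample records are assumptions constructed for illustration.

```python
MAX_RECORD_LEN = 1024  # assumed local limit, not from RFC 7489 or the bulletin
POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record):
    """Return (policy_dict, error). Malformed input yields (None, reason), never an exception."""
    try:
        if isinstance(record, bytes):
            record = record.decode("ascii")  # non-ASCII bytes raise, caught below
    except UnicodeDecodeError:
        return None, "record is not ASCII"
    if not isinstance(record, str) or len(record) > MAX_RECORD_LEN:
        return None, "record missing, wrong type or too long"
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing or doubled ';'
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or not name or not value:
            return None, f"malformed tag {part!r}"
        if not tags and (name, value) != ("v", "DMARC1"):
            return None, "first tag is not v=DMARC1"
        if name in tags:
            return None, f"duplicate tag {name!r}"
        tags[name] = value
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        return None, "missing or invalid p tag"
    pct = tags.get("pct", "100")
    if not (pct.isascii() and pct.isdigit() and len(pct) <= 3 and int(pct) <= 100):
        return None, "invalid pct tag"
    return {"p": policy, "pct": int(pct)}, None


def disposition(record):
    """Policy to apply; a malformed record is treated as if none was published."""
    policy, error = parse_dmarc(record)
    return policy["p"] if policy else "no-policy"


# Constructed sample records, not taken from the bulletin.
SAMPLES = ["v=DMARC1; p=reject; pct=50", "v=DMARC1; p=", b"v=DMARC1; p=\xff", "p=none"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", disposition(sample), parse_dmarc(sample)[1])
```

Logging the returned reason string alongside the sending domain gives operators a record of malformed policies without interrupting mail processing.
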
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-ESA-denial-of-service-via-DMARC-17423