Cisco ESA TLS DoS Vulnerability (CVSS 5.3)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Type: Denial of Service (DoS). - Vulnerability Cause: A vulnerability exists in the implementation of the Transport Layer Security (TLS) protocol, which allows unauthorized remote attackers to exploit it and cause high CPU usage on affected devices, leading to service disruption. - Vulnerability Impact: The vulnerability may enable attackers to trigger a state of high CPU utilization on the device, resulting in slower response times and degraded overall performance. 2. Affected Products: - Affected Software Versions: Cisco Email Security Appliance (ESA) software versions 13.5.1-277 and earlier. - Affected Hardware: No hardware-specific impact mentioned. 3. Workarounds: - Workaround Description: No workarounds are available to mitigate this vulnerability. 4. Remediation: - Recommended Action: It is recommended to regularly check Cisco’s security advisories to determine exposure and obtain complete upgrade solutions. - Precautions: When upgrading devices, ensure sufficient memory is available and verify that the current hardware and software configurations are supported in the new version. 5. Vulnerability Discovery: - Discovery Method: The vulnerability was discovered during internal security testing. 6. Related Links: - Vulnerability Details: Link to the detailed vulnerability page. 表 - Security Policy: Link to Cisco’s security vulnerability disclosure policy page. 7. Rating: - Severity Rating: Medium. - CVSS Score: Based on CVSS 3.1, the score is 5.3. 8. Legal Disclaimer: - Disclaimer: This document is provided "AS IS" without any warranty or guarantee, including but not limited to implied warranties of merchantability or fitness for a particular purpose. The risk of using this document or any materials linked to it is solely borne by the user. Cisco reserves the right to modify or update this document at any time. This information helps users understand the severity of the vulnerability, the scope of affected products, and the steps to take to address or mitigate the vulnerability.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco ESA TLS DoS Vulnerability (CVSS 5.3)