Sign-up

ID

VAR-201507-0524


CVE

CVE-2015-4236


TITLE

Cisco Email Security Appliance Run on device AsyncOS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003551

DESCRIPTION

Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636. A security vulnerability exists in Cisco AsyncOS for Cisco ESA devices. An attacker can exploit this issue to cause an affected device to become unresponsive, resulting in a denial-of-service condition. This issue is tracked by Cisco Bug IDs CSCur13704, CSCuq05636, CSCuv43307, and CSCuv99383. The title has been changed to better reflect the underlying components affected. The following releases are affected: Cisco ESA appliances using Release 8.5.6-073, Release 8.5.6-074, and Release 9.0.0-461 software

Trust: 2.61

sources: NVD: CVE-2015-4236 // JVNDB: JVNDB-2015-003551 // CNVD: CNVD-2015-04473 // BID: 75703 // VULHUB: VHN-82197 // VULMON: CVE-2015-4236

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04473

AFFECTED PRODUCTS

vendor:ciscomodel:email security appliancescope:eqversion:8.5.6-073

Trust: 2.8

vendor:ciscomodel:email security appliancescope:eqversion:9.0.0-461

Trust: 2.8

vendor:ciscomodel:email security appliancescope:eqversion:8.5.6-074

Trust: 2.2

vendor:ciscomodel:e email security the appliancescope:eqversion:none

Trust: 0.8

vendor:ciscomodel:e email security the appliancescope:eqversion:software 8.5.6-073

Trust: 0.8

vendor:ciscomodel:e email security the appliancescope:eqversion:software 8.5.6-074

Trust: 0.8

vendor:ciscomodel:e email security the appliancescope:eqversion:software 9.0.0-461

Trust: 0.8

sources: CNVD: CNVD-2015-04473 // JVNDB: JVNDB-2015-003551 // CNNVD: CNNVD-201507-338 // NVD: CVE-2015-4236

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4236
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4236
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-04473
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201507-338
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82197
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-4236
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4236
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-04473
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82197
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04473 // VULHUB: VHN-82197 // VULMON: CVE-2015-4236 // JVNDB: JVNDB-2015-003551 // CNNVD: CNNVD-201507-338 // NVD: CVE-2015-4236

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-82197 // JVNDB: JVNDB-2015-003551 // NVD: CVE-2015-4236

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-338

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201507-338

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003551

PATCH
title:39785url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39785
Trust: 0.8
title:Patch for Cisco Email Security Appliance AsyncOS Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/60778
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-04473 // 
            
            
            
            JVNDB: JVNDB-2015-003551

EXTERNAL IDS
db:NVDid:CVE-2015-4236
Trust: 3.5
db:BIDid:75703
Trust: 1.5
db:SECTRACKid:1032855
Trust: 1.2
db:JVNDBid:JVNDB-2015-003551
Trust: 0.8
db:CNNVDid:CNNVD-201507-338
Trust: 0.7
db:CNVDid:CNVD-2015-04473
Trust: 0.6
db:VULHUBid:VHN-82197
Trust: 0.1
db:VULMONid:CVE-2015-4236
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-04473 // 
            
            
            
            VULHUB: VHN-82197 // 
            
            
            
            VULMON: CVE-2015-4236 // 
            
            
            
            BID: 75703 // 
            
            
            
            JVNDB: JVNDB-2015-003551 // 
            
            
            
            CNNVD: CNNVD-201507-338 // 
            
            
            
            NVD: CVE-2015-4236

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39785
Trust: 2.4
url:http://www.securityfocus.com/bid/75703
Trust: 1.3
url:http://www.securitytracker.com/id/1032855
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4236
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4236
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/399.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-04473 // 
            
            
            
            VULHUB: VHN-82197 // 
            
            
            
            VULMON: CVE-2015-4236 // 
            
            
            
            BID: 75703 // 
            
            
            
            JVNDB: JVNDB-2015-003551 // 
            
            
            
            CNNVD: CNNVD-201507-338 // 
            
            
            
            NVD: CVE-2015-4236

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75703

SOURCES
db:CNVDid:CNVD-2015-04473
db:VULHUBid:VHN-82197
db:VULMONid:CVE-2015-4236
db:BIDid:75703
db:JVNDBid:JVNDB-2015-003551
db:CNNVDid:CNNVD-201507-338
db:NVDid:CVE-2015-4236

LAST UPDATE DATE
2025-04-13T23:27:32.290000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-04473date:2015-07-15T00:00:00
db:VULHUBid:VHN-82197date:2018-10-30T00:00:00
db:VULMONid:CVE-2015-4236date:2018-10-30T00:00:00
db:BIDid:75703date:2015-10-26T16:22:00
db:JVNDBid:JVNDB-2015-003551date:2015-07-14T00:00:00
db:CNNVDid:CNNVD-201507-338date:2015-07-17T00:00:00
db:NVDid:CVE-2015-4236date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-04473date:2015-07-15T00:00:00
db:VULHUBid:VHN-82197date:2015-07-10T00:00:00
db:VULMONid:CVE-2015-4236date:2015-07-10T00:00:00
db:BIDid:75703date:2015-07-10T00:00:00
db:JVNDBid:JVNDB-2015-003551date:2015-07-14T00:00:00
db:CNNVDid:CNNVD-201507-338date:2015-07-13T00:00:00
db:NVDid:CVE-2015-4236date:2015-07-10T19:59:00.097