Improper input validation in Cisco Email_security_appliance_firmware

CVE-2015-4278

Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a dom…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (63.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Email_security_appliance_firmware — versions 8.5.6-106, 9.5.0-201
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20150715 Cisco Email Security Appliance Malformed DMARC Policy Records File Modification Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1032961 (vdb-entry, x_refsource_SECTRACK)