VAR-201507-0524
Vulnerability from variot - Updated: 2025-04-13 23:27Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636. A security vulnerability exists in Cisco AsyncOS for Cisco ESA devices. An attacker can exploit this issue to cause an affected device to become unresponsive, resulting in a denial-of-service condition. This issue is tracked by Cisco Bug IDs CSCur13704, CSCuq05636, CSCuv43307, and CSCuv99383. The title has been changed to better reflect the underlying components affected. The following releases are affected: Cisco ESA appliances using Release 8.5.6-073, Release 8.5.6-074, and Release 9.0.0-461 software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0524",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 2.8,
"vendor": "cisco",
"version": "8.5.6-073"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 2.8,
"vendor": "cisco",
"version": "9.0.0-461"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 2.2,
"vendor": "cisco",
"version": "8.5.6-074"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "none"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "software 8.5.6-073"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "software 8.5.6-074"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "software 9.0.0-461"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003551"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-338"
},
{
"db": "NVD",
"id": "CVE-2015-4236"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003551"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75703"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4236",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-4236",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04473",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-82197",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4236",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-4236",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-04473",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-338",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82197",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-4236",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04473"
},
{
"db": "VULHUB",
"id": "VHN-82197"
},
{
"db": "VULMON",
"id": "CVE-2015-4236"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003551"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-338"
},
{
"db": "NVD",
"id": "CVE-2015-4236"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636. A security vulnerability exists in Cisco AsyncOS for Cisco ESA devices. \nAn attacker can exploit this issue to cause an affected device to become unresponsive, resulting in a denial-of-service condition. \nThis issue is tracked by Cisco Bug IDs CSCur13704, CSCuq05636, CSCuv43307, and CSCuv99383. The title has been changed to better reflect the underlying components affected. The following releases are affected: Cisco ESA appliances using Release 8.5.6-073, Release 8.5.6-074, and Release 9.0.0-461 software",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4236"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003551"
},
{
"db": "CNVD",
"id": "CNVD-2015-04473"
},
{
"db": "BID",
"id": "75703"
},
{
"db": "VULHUB",
"id": "VHN-82197"
},
{
"db": "VULMON",
"id": "CVE-2015-4236"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4236",
"trust": 3.5
},
{
"db": "BID",
"id": "75703",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1032855",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003551",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-338",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04473",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-82197",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-4236",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04473"
},
{
"db": "VULHUB",
"id": "VHN-82197"
},
{
"db": "VULMON",
"id": "CVE-2015-4236"
},
{
"db": "BID",
"id": "75703"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003551"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-338"
},
{
"db": "NVD",
"id": "CVE-2015-4236"
}
]
},
"id": "VAR-201507-0524",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04473"
},
{
"db": "VULHUB",
"id": "VHN-82197"
}
],
"trust": 1.13892258
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04473"
}
]
},
"last_update_date": "2025-04-13T23:27:32.290000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39785",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39785"
},
{
"title": "Patch for Cisco Email Security Appliance AsyncOS Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/60778"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003551"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82197"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003551"
},
{
"db": "NVD",
"id": "CVE-2015-4236"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39785"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/75703"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032855"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4236"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4236"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04473"
},
{
"db": "VULHUB",
"id": "VHN-82197"
},
{
"db": "VULMON",
"id": "CVE-2015-4236"
},
{
"db": "BID",
"id": "75703"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003551"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-338"
},
{
"db": "NVD",
"id": "CVE-2015-4236"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04473"
},
{
"db": "VULHUB",
"id": "VHN-82197"
},
{
"db": "VULMON",
"id": "CVE-2015-4236"
},
{
"db": "BID",
"id": "75703"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003551"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-338"
},
{
"db": "NVD",
"id": "CVE-2015-4236"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04473"
},
{
"date": "2015-07-10T00:00:00",
"db": "VULHUB",
"id": "VHN-82197"
},
{
"date": "2015-07-10T00:00:00",
"db": "VULMON",
"id": "CVE-2015-4236"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "75703"
},
{
"date": "2015-07-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003551"
},
{
"date": "2015-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-338"
},
{
"date": "2015-07-10T19:59:00.097000",
"db": "NVD",
"id": "CVE-2015-4236"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04473"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-82197"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-4236"
},
{
"date": "2015-10-26T16:22:00",
"db": "BID",
"id": "75703"
},
{
"date": "2015-07-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003551"
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-338"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4236"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-338"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Email Security Appliance Run on device AsyncOS Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003551"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-338"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…