CVE-2020-3134

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0.

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0.

Una vulnerabilidad en el motor de descompresión zip del software Cisco AsyncOS para Cisco Email Security Appliance (ESA) podría permitir que un atacante remoto no autenticado cause una condición de denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a una validación incorrecta de los archivos zip. Un atacante podría aprovechar esta vulnerabilidad enviando un mensaje de correo electrónico con un archivo adjunto comprimido comprimido. Una explotación con éxito podría desencadenar un reinicio del proceso de escaneo de contenido, causando una condición DoS temporal. Esta vulnerabilidad afecta al software Cisco AsyncOS para las versiones de Cisco ESA anteriores a 13.0.