CVE-2020-3548
A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient processing of incoming TLS traffic. An attacker could exploit this vulnerability by sending a series of crafted TLS packets to an affected device. A successful exploit could allow the attacker to trigger a prolonged state of high CPU utilization. The affected device would still be operative, but response time and overall performance may be degraded. There are no workarounds that address this vulnerability.
EPSS 0.43% · 62.9th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | secure_email | 0 |
| Cisco | Cisco Secure Email | N/A |
| cisco | email_security_appliance | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2020-3548 (circl-sighting)
- cisco-sa-esa-tls-dos-xW53TBhb (circl)
Timeline
- Nov 18, 2024 CVE Published
- Nov 18, 2024 PoC Published
- Nov 18, 2024 CVE Updated
- Nov 19, 2024 EPSS Score
- Dec 7, 2024 EPSS Score
- Dec 25, 2024 EPSS Score
- Jan 11, 2025 EPSS Score
- Jan 29, 2025 EPSS Score
- Feb 15, 2025 EPSS Score
- Mar 5, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Apr 9, 2025 EPSS Score