Lucene search

[email protected]CVE-2016-1411

HistoryDec 14, 2016 - 12:59 a.m.

CVE-2016-1411

2016-12-1400:59:00

CWE-310

[email protected]

web.nvd.nist.gov

cisco

asyncos software

email security

web security

content management

vulnerability

cve-2016-1411

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.1%

JSON

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019.

Affected configurations

NVD

Node

ciscocontent_security_management_applianceMatch9.1.0

ciscocontent_security_management_applianceMatch9.1.0-004

ciscocontent_security_management_applianceMatch9.1.0-031

ciscocontent_security_management_applianceMatch9.1.0-033

ciscocontent_security_management_applianceMatch9.1.0-103

ciscocontent_security_management_applianceMatch9.6.0

ciscoemail_security_applianceMatch7.5.2-201

ciscoemail_security_applianceMatch7.5.2-hp2-303

ciscoemail_security_applianceMatch7.6.3-025

ciscoemail_security_applianceMatch8.0.1-023

ciscoemail_security_applianceMatch8.5.0-000

ciscoemail_security_applianceMatch8.5.0-er1-198

ciscoemail_security_applianceMatch8.5.1-021

ciscoweb_security_applianceMatch7.7.0-608

ciscoweb_security_applianceMatch7.7.5-835

ciscoweb_security_applianceMatch8.8.0-000

CPENameOperatorVersion
cisco:content_security_management_appliancecisco content security management applianceeq9.1.0
cisco:content_security_management_appliancecisco content security management applianceeq9.1.0-004
cisco:content_security_management_appliancecisco content security management applianceeq9.1.0-031
cisco:content_security_management_appliancecisco content security management applianceeq9.1.0-033
cisco:content_security_management_appliancecisco content security management applianceeq9.1.0-103
cisco:content_security_management_appliancecisco content security management applianceeq9.6.0
cisco:email_security_appliancecisco email security applianceeq7.5.2-201
cisco:email_security_appliancecisco email security applianceeq7.5.2-hp2-303
cisco:email_security_appliancecisco email security applianceeq7.6.3-025
cisco:email_security_appliancecisco email security applianceeq8.0.1-023

CPE	Name	Operator	Version
cisco:content_security_management_appliance	cisco content security management appliance	eq	9.1.0
cisco:content_security_management_appliance	cisco content security management appliance	eq	9.1.0-004
cisco:content_security_management_appliance	cisco content security management appliance	eq	9.1.0-031
cisco:content_security_management_appliance	cisco content security management appliance	eq	9.1.0-033
cisco:content_security_management_appliance	cisco content security management appliance	eq	9.1.0-103
cisco:content_security_management_appliance	cisco content security management appliance	eq	9.6.0
cisco:email_security_appliance	cisco email security appliance	eq	7.5.2-201
cisco:email_security_appliance	cisco email security appliance	eq	7.5.2-hp2-303
cisco:email_security_appliance	cisco email security appliance	eq	7.6.3-025
cisco:email_security_appliance	cisco email security appliance	eq	8.0.1-023

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "Cisco AsyncOS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco AsyncOS"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94791

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.1%

JSON

Related for CVE-2016-1411

prion1 openvas3 nvd1 cvelist1 cisco1