Lucene search

[email protected]CVE-2016-1480

HistoryOct 28, 2016 - 10:59 a.m.

CVE-2016-1480

2016-10-2810:59:01

CWE-388

[email protected]

web.nvd.nist.gov

vulnerability

mime scanner

cisco

asyncos software

esa

wsa

cve-2016-1480

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming email attachments. More Information: CSCuw03606, CSCux59734. Known Affected Releases: 8.0.0-000 8.5.6-106 9.0.0-000 9.1.0-032 9.6.0-042 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.1.1-038 9.7.1-066.

Affected configurations

NVD

Node

ciscoemail_security_applianceMatch8.0.1-023

ciscoemail_security_applianceMatch8.0_base

ciscoemail_security_applianceMatch8.5.0-000

ciscoemail_security_applianceMatch8.5.0-er1-198

ciscoemail_security_applianceMatch8.5.6-052

ciscoemail_security_applianceMatch8.5.6-073

ciscoemail_security_applianceMatch8.5.6-074

ciscoemail_security_applianceMatch8.5.6-106

ciscoemail_security_applianceMatch8.5.6-113

ciscoemail_security_applianceMatch8.5.7-042

ciscoemail_security_applianceMatch8.6.0

ciscoemail_security_applianceMatch8.6.0-011

ciscoemail_security_applianceMatch8.9.0

ciscoemail_security_applianceMatch8.9.1-000

ciscoemail_security_applianceMatch8.9.2-032

ciscoemail_security_applianceMatch9.0.0

ciscoemail_security_applianceMatch9.0.0-212

ciscoemail_security_applianceMatch9.0.0-461

ciscoemail_security_applianceMatch9.0.5-000

ciscoemail_security_applianceMatch9.1.0

ciscoemail_security_applianceMatch9.1.0-011

ciscoemail_security_applianceMatch9.1.0-032

ciscoemail_security_applianceMatch9.1.0-101

ciscoemail_security_applianceMatch9.1.1-000

ciscoemail_security_applianceMatch9.4.0

ciscoemail_security_applianceMatch9.4.4-000

ciscoemail_security_applianceMatch9.5.0-000

ciscoemail_security_applianceMatch9.5.0-201

ciscoemail_security_applianceMatch9.6.0-000

ciscoemail_security_applianceMatch9.6.0-042

ciscoemail_security_applianceMatch9.7.0-125

CPENameOperatorVersion
cisco:email_security_appliancecisco email security applianceeq8.0.1-023
cisco:email_security_appliancecisco email security applianceeq8.0_base
cisco:email_security_appliancecisco email security applianceeq8.5.0-000
cisco:email_security_appliancecisco email security applianceeq8.5.0-er1-198
cisco:email_security_appliancecisco email security applianceeq8.5.6-052
cisco:email_security_appliancecisco email security applianceeq8.5.6-073
cisco:email_security_appliancecisco email security applianceeq8.5.6-074
cisco:email_security_appliancecisco email security applianceeq8.5.6-106
cisco:email_security_appliancecisco email security applianceeq8.5.6-113
cisco:email_security_appliancecisco email security applianceeq8.5.7-042

CPE	Name	Operator	Version
cisco:email_security_appliance	cisco email security appliance	eq	8.0.1-023
cisco:email_security_appliance	cisco email security appliance	eq	8.0_base
cisco:email_security_appliance	cisco email security appliance	eq	8.5.0-000
cisco:email_security_appliance	cisco email security appliance	eq	8.5.0-er1-198
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-052
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-073
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-074
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-106
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-113
cisco:email_security_appliance	cisco email security appliance	eq	8.5.7-042

Rows per page:

1-10 of 311

CNA Affected

[
  {
    "product": "Cisco AsyncOS through WSA10.0.0-000",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco AsyncOS through WSA10.0.0-000"
      }
    ]
  }
]

References

www.securityfocus.com/bid/93914

www.securitytracker.com/id/1037116

www.securitytracker.com/id/1037117

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for CVE-2016-1480

openvas2 cvelist1 nvd1 prion1 cisco1