Lucene search

[email protected]CVE-2016-1486

HistoryOct 28, 2016 - 10:59 a.m.

CVE-2016-1486

2016-10-2810:59:05

CWE-19

[email protected]

web.nvd.nist.gov

cisco

email security

vulnerability

amp

cisco asyncos software

dos

cve-2016-1486

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.8%

JSON

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047.

Affected configurations

NVD

Node

ciscoemail_security_applianceMatch8.5.0-000

ciscoemail_security_applianceMatch8.5.0-er1-198

ciscoemail_security_applianceMatch8.5.6-052

ciscoemail_security_applianceMatch8.5.6-073

ciscoemail_security_applianceMatch8.5.6-074

ciscoemail_security_applianceMatch8.5.6-106

ciscoemail_security_applianceMatch8.5.6-113

ciscoemail_security_applianceMatch8.5.7-042

ciscoemail_security_applianceMatch8.6.0

ciscoemail_security_applianceMatch8.6.0-011

ciscoemail_security_applianceMatch8.9.0

ciscoemail_security_applianceMatch8.9.1-000

ciscoemail_security_applianceMatch8.9.2-032

ciscoemail_security_applianceMatch9.0.0

ciscoemail_security_applianceMatch9.0.0-212

ciscoemail_security_applianceMatch9.0.0-461

ciscoemail_security_applianceMatch9.0.5-000

ciscoemail_security_applianceMatch9.1.0

ciscoemail_security_applianceMatch9.1.0-011

ciscoemail_security_applianceMatch9.1.0-032

ciscoemail_security_applianceMatch9.1.0-101

ciscoemail_security_applianceMatch9.1.1-000

ciscoemail_security_applianceMatch9.4.0

ciscoemail_security_applianceMatch9.4.4-000

ciscoemail_security_applianceMatch9.5.0-000

ciscoemail_security_applianceMatch9.5.0-201

ciscoemail_security_applianceMatch9.6.0-000

ciscoemail_security_applianceMatch9.6.0-042

ciscoemail_security_applianceMatch9.6.0-051

ciscoemail_security_applianceMatch9.7.0-125

CPENameOperatorVersion
cisco:email_security_appliancecisco email security applianceeq8.5.0-000
cisco:email_security_appliancecisco email security applianceeq8.5.0-er1-198
cisco:email_security_appliancecisco email security applianceeq8.5.6-052
cisco:email_security_appliancecisco email security applianceeq8.5.6-073
cisco:email_security_appliancecisco email security applianceeq8.5.6-074
cisco:email_security_appliancecisco email security applianceeq8.5.6-106
cisco:email_security_appliancecisco email security applianceeq8.5.6-113
cisco:email_security_appliancecisco email security applianceeq8.5.7-042
cisco:email_security_appliancecisco email security applianceeq8.6.0
cisco:email_security_appliancecisco email security applianceeq8.6.0-011

CPE	Name	Operator	Version
cisco:email_security_appliance	cisco email security appliance	eq	8.5.0-000
cisco:email_security_appliance	cisco email security appliance	eq	8.5.0-er1-198
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-052
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-073
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-074
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-106
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-113
cisco:email_security_appliance	cisco email security appliance	eq	8.5.7-042
cisco:email_security_appliance	cisco email security appliance	eq	8.6.0
cisco:email_security_appliance	cisco email security appliance	eq	8.6.0-011

Rows per page:

1-10 of 301

CNA Affected

[
  {
    "product": "Cisco AsyncOS through 9.7.1-066",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco AsyncOS through 9.7.1-066"
      }
    ]
  }
]

References

www.securityfocus.com/bid/93906

www.securitytracker.com/id/1037124

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CVE-2016-1486

openvas1 cisco1 prion1 nvd1 cvelist1 threatpost1