Lucene search

[email protected]CVE-2016-6356

HistoryOct 28, 2016 - 10:59 a.m.

CVE-2016-6356

2016-10-2810:59:06

CWE-20

[email protected]

web.nvd.nist.gov

cisco

asyncos

software

email security

appliances

vulnerability

cve-2016-6356

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

77.8%

JSON

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.

Affected configurations

NVD

Node

ciscoemail_security_applianceMatch3.3.1-09

ciscoemail_security_applianceMatch7.1.0

ciscoemail_security_applianceMatch7.1.1

ciscoemail_security_applianceMatch7.1.2

ciscoemail_security_applianceMatch7.1.3

ciscoemail_security_applianceMatch7.1.4

ciscoemail_security_applianceMatch7.1.5

ciscoemail_security_applianceMatch7.3.0

ciscoemail_security_applianceMatch7.3.1

ciscoemail_security_applianceMatch7.3.2

ciscoemail_security_applianceMatch7.5.0

ciscoemail_security_applianceMatch7.5.1

ciscoemail_security_applianceMatch7.5.2

ciscoemail_security_applianceMatch7.5.2-201

ciscoemail_security_applianceMatch7.6.0

ciscoemail_security_applianceMatch7.6.1-000

ciscoemail_security_applianceMatch7.6.1-gpl-022

ciscoemail_security_applianceMatch7.6.2

ciscoemail_security_applianceMatch7.6.3-000

ciscoemail_security_applianceMatch7.6.3-025

ciscoemail_security_applianceMatch7.7.0-000

ciscoemail_security_applianceMatch7.7.1-000

ciscoemail_security_applianceMatch7.8.0

ciscoemail_security_applianceMatch7.8.0-311

ciscoemail_security_applianceMatch8.0.1-023

ciscoemail_security_applianceMatch8.0_base

ciscoemail_security_applianceMatch8.5.0-000

ciscoemail_security_applianceMatch8.5.0-er1-198

ciscoemail_security_applianceMatch8.5.6-052

ciscoemail_security_applianceMatch8.5.6-073

ciscoemail_security_applianceMatch8.5.6-074

ciscoemail_security_applianceMatch8.5.6-106

ciscoemail_security_applianceMatch8.5.6-113

ciscoemail_security_applianceMatch8.5.7-042

ciscoemail_security_applianceMatch8.6.0

ciscoemail_security_applianceMatch8.6.0-011

ciscoemail_security_applianceMatch8.9.0

ciscoemail_security_applianceMatch8.9.1-000

ciscoemail_security_applianceMatch8.9.2-032

ciscoemail_security_applianceMatch9.0.0

ciscoemail_security_applianceMatch9.0.0-212

ciscoemail_security_applianceMatch9.0.0-461

ciscoemail_security_applianceMatch9.0.5-000

ciscoemail_security_applianceMatch9.1.0

ciscoemail_security_applianceMatch9.1.0-011

ciscoemail_security_applianceMatch9.1.0-032

ciscoemail_security_applianceMatch9.1.0-101

ciscoemail_security_applianceMatch9.4.0

ciscoemail_security_applianceMatch9.4.4-000

ciscoemail_security_applianceMatch9.5.0-000

ciscoemail_security_applianceMatch9.5.0-201

ciscoemail_security_applianceMatch9.6.0-000

ciscoemail_security_applianceMatch9.6.0-042

ciscoemail_security_applianceMatch9.6.0-051

ciscoemail_security_applianceMatch9.7.0-125

ciscoemail_security_applianceMatch9.7.1-066

CPENameOperatorVersion
cisco:email_security_appliancecisco email security applianceeq3.3.1-09
cisco:email_security_appliancecisco email security applianceeq7.1.0
cisco:email_security_appliancecisco email security applianceeq7.1.1
cisco:email_security_appliancecisco email security applianceeq7.1.2
cisco:email_security_appliancecisco email security applianceeq7.1.3
cisco:email_security_appliancecisco email security applianceeq7.1.4
cisco:email_security_appliancecisco email security applianceeq7.1.5
cisco:email_security_appliancecisco email security applianceeq7.3.0
cisco:email_security_appliancecisco email security applianceeq7.3.1
cisco:email_security_appliancecisco email security applianceeq7.3.2

CPE	Name	Operator	Version
cisco:email_security_appliance	cisco email security appliance	eq	3.3.1-09
cisco:email_security_appliance	cisco email security appliance	eq	7.1.0
cisco:email_security_appliance	cisco email security appliance	eq	7.1.1
cisco:email_security_appliance	cisco email security appliance	eq	7.1.2
cisco:email_security_appliance	cisco email security appliance	eq	7.1.3
cisco:email_security_appliance	cisco email security appliance	eq	7.1.4
cisco:email_security_appliance	cisco email security appliance	eq	7.1.5
cisco:email_security_appliance	cisco email security appliance	eq	7.3.0
cisco:email_security_appliance	cisco email security appliance	eq	7.3.1
cisco:email_security_appliance	cisco email security appliance	eq	7.3.2

Rows per page:

1-10 of 561

CNA Affected

[
  {
    "product": "Cisco AsyncOS through 9.7.0-125",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco AsyncOS through 9.7.0-125"
      }
    ]
  }
]

References

www.securityfocus.com/bid/93907

www.securitytracker.com/id/1037122

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CVE-2016-6356

openvas1 prion1 cisco1 nvd1 cvelist1 threatpost1