Lucene search

[email protected]CVE-2016-6372

HistoryOct 28, 2016 - 10:59 a.m.

CVE-2016-6372

2016-10-2810:59:11

CWE-20

[email protected]

web.nvd.nist.gov

cisco

email security

web security

vulnerability

cve-2016-6372

mime

remote attack

content filtering

email attachment

asyncos software

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.

Affected configurations

NVD

Node

ciscoemail_security_applianceMatch8.0.1-023

ciscoemail_security_applianceMatch8.0_base

ciscoemail_security_applianceMatch8.5.0-000

ciscoemail_security_applianceMatch8.5.0-er1-198

ciscoemail_security_applianceMatch8.5.6-052

ciscoemail_security_applianceMatch8.5.6-073

ciscoemail_security_applianceMatch8.5.6-074

ciscoemail_security_applianceMatch8.5.6-106

ciscoemail_security_applianceMatch8.5.6-113

ciscoemail_security_applianceMatch8.5.7-042

ciscoemail_security_applianceMatch8.6.0

ciscoemail_security_applianceMatch8.6.0-011

ciscoemail_security_applianceMatch8.9.0

ciscoemail_security_applianceMatch8.9.1-000

ciscoemail_security_applianceMatch8.9.2-032

ciscoemail_security_applianceMatch9.0.0

ciscoemail_security_applianceMatch9.0.0-212

ciscoemail_security_applianceMatch9.0.0-461

ciscoemail_security_applianceMatch9.0.5-000

ciscoemail_security_applianceMatch9.1.0

ciscoemail_security_applianceMatch9.1.0-011

ciscoemail_security_applianceMatch9.1.0-032

ciscoemail_security_applianceMatch9.1.0-101

ciscoemail_security_applianceMatch9.1.1-000

ciscoemail_security_applianceMatch9.4.0

ciscoemail_security_applianceMatch9.4.4-000

ciscoemail_security_applianceMatch9.5.0-000

ciscoemail_security_applianceMatch9.5.0-201

ciscoemail_security_applianceMatch9.6.0-000

ciscoemail_security_applianceMatch9.6.0-042

ciscoemail_security_applianceMatch9.6.0-051

ciscoemail_security_applianceMatch9.7.0-125

ciscoemail_security_applianceMatch9.7.1-066

ciscoemail_security_applianceMatch9.9.6-026

ciscoemail_security_applianceMatch9.9_base

ciscoweb_security_applianceMatch5.6.0-623

ciscoweb_security_applianceMatch6.0.0-000

ciscoweb_security_applianceMatch7.1.0

ciscoweb_security_applianceMatch7.1.1

ciscoweb_security_applianceMatch7.1.2

ciscoweb_security_applianceMatch7.1.3

ciscoweb_security_applianceMatch7.1.4

ciscoweb_security_applianceMatch7.5.0-000

ciscoweb_security_applianceMatch7.5.0-825

ciscoweb_security_applianceMatch7.5.1-000

ciscoweb_security_applianceMatch7.5.2-000

ciscoweb_security_applianceMatch7.5.2-hp2-303

ciscoweb_security_applianceMatch7.7.0-000

ciscoweb_security_applianceMatch7.7.0-608

ciscoweb_security_applianceMatch7.7.1-000

ciscoweb_security_applianceMatch7.7.5-835

ciscoweb_security_applianceMatch8.0.0-000

ciscoweb_security_applianceMatch8.0.5

ciscoweb_security_applianceMatch8.0.6

ciscoweb_security_applianceMatch8.0.6-078

ciscoweb_security_applianceMatch8.0.6-119

ciscoweb_security_applianceMatch8.0.7

ciscoweb_security_applianceMatch8.0.7-142

ciscoweb_security_applianceMatch8.0.8-mr-113

ciscoweb_security_applianceMatch8.5.0-497

ciscoweb_security_applianceMatch8.5.0.000

ciscoweb_security_applianceMatch8.5.1-021

ciscoweb_security_applianceMatch8.5.2-024

ciscoweb_security_applianceMatch8.5.2-027

ciscoweb_security_applianceMatch8.5.3-055

ciscoweb_security_applianceMatch8.8.0-000

ciscoweb_security_applianceMatch8.8.0-085

ciscoweb_security_applianceMatch9.0.0-193

ciscoweb_security_applianceMatch9.0_base

ciscoweb_security_applianceMatch9.1.0-000

ciscoweb_security_applianceMatch9.1.0-070

ciscoweb_security_applianceMatch9.1_base

ciscoweb_security_applianceMatch9.5.0-235

ciscoweb_security_applianceMatch9.5.0-284

ciscoweb_security_applianceMatch9.5.0-444

ciscoweb_security_applianceMatch9.5_base

ciscoweb_security_appliance_8.0.5Matchhot_patch_1

CPENameOperatorVersion
cisco:email_security_appliancecisco email security applianceeq8.0.1-023
cisco:email_security_appliancecisco email security applianceeq8.0_base
cisco:email_security_appliancecisco email security applianceeq8.5.0-000
cisco:email_security_appliancecisco email security applianceeq8.5.0-er1-198
cisco:email_security_appliancecisco email security applianceeq8.5.6-052
cisco:email_security_appliancecisco email security applianceeq8.5.6-073
cisco:email_security_appliancecisco email security applianceeq8.5.6-074
cisco:email_security_appliancecisco email security applianceeq8.5.6-106
cisco:email_security_appliancecisco email security applianceeq8.5.6-113
cisco:email_security_appliancecisco email security applianceeq8.5.7-042

CPE	Name	Operator	Version
cisco:email_security_appliance	cisco email security appliance	eq	8.0.1-023
cisco:email_security_appliance	cisco email security appliance	eq	8.0_base
cisco:email_security_appliance	cisco email security appliance	eq	8.5.0-000
cisco:email_security_appliance	cisco email security appliance	eq	8.5.0-er1-198
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-052
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-073
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-074
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-106
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-113
cisco:email_security_appliance	cisco email security appliance	eq	8.5.7-042

Rows per page:

1-10 of 771

CNA Affected

[
  {
    "product": "Cisco AsyncOS through WSA10.0.0-000",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco AsyncOS through WSA10.0.0-000"
      }
    ]
  }
]

References

www.securityfocus.com/bid/93911

www.securitytracker.com/id/1037118

www.securitytracker.com/id/1037119

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for CVE-2016-6372

prion1 openvas2 nvd1 cisco1 cvelist1