Lucene search

[email protected]CVE-2016-6463

HistoryNov 19, 2016 - 3:03 a.m.

CVE-2016-6463

2016-11-1903:03:06

CWE-20

[email protected]

web.nvd.nist.gov

cisco

email security

vulnerability

cve-2016-6463

cybersecurity

cisco asyncos software

amp

remote attacker

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.6%

JSON

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuz85823. Known Affected Releases: 10.0.0-082 9.7.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131.

Affected configurations

NVD

Node

ciscoemail_security_appliance_firmwareMatch9.7.0-125

ciscoemail_security_appliance_firmwareMatch9.7.1-06

ciscoemail_security_appliance_firmwareMatch10.0.0-082

CPENameOperatorVersion
cisco:email_security_appliance_firmwarecisco email security appliance firmwareeq9.7.0-125
cisco:email_security_appliance_firmwarecisco email security appliance firmwareeq9.7.1-06
cisco:email_security_appliance_firmwarecisco email security appliance firmwareeq10.0.0-082

CPE	Name	Operator	Version
cisco:email_security_appliance_firmware	cisco email security appliance firmware	eq	9.7.0-125
cisco:email_security_appliance_firmware	cisco email security appliance firmware	eq	9.7.1-06
cisco:email_security_appliance_firmware	cisco email security appliance firmware	eq	10.0.0-082

CNA Affected

[
  {
    "product": "Cisco AsyncOS 9.7.1-066 through 10.0.0-082",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco AsyncOS 9.7.1-066 through 10.0.0-082"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94363

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.6%

JSON

Related for CVE-2016-6463

cvelist1 prion1 openvas1 nvd1 cisco1 nessus1