Lucene search

[email protected]NVD:CVE-2016-1411

HistoryDec 14, 2016 - 12:59 a.m.

CVE-2016-1411

2016-12-1400:59:00

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

45.9%

JSON

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019.

Affected configurations

Nvd

Node

ciscocontent_security_management_applianceMatch9.1.0

ciscocontent_security_management_applianceMatch9.1.0-004

ciscocontent_security_management_applianceMatch9.1.0-031

ciscocontent_security_management_applianceMatch9.1.0-033

ciscocontent_security_management_applianceMatch9.1.0-103

ciscocontent_security_management_applianceMatch9.6.0

ciscoemail_security_applianceMatch7.5.2-201

ciscoemail_security_applianceMatch7.5.2-hp2-303

ciscoemail_security_applianceMatch7.6.3-025

ciscoemail_security_applianceMatch8.0.1-023

ciscoemail_security_applianceMatch8.5.0-000

ciscoemail_security_applianceMatch8.5.0-er1-198

ciscoemail_security_applianceMatch8.5.1-021

ciscoweb_security_applianceMatch7.7.0-608

ciscoweb_security_applianceMatch7.7.5-835

ciscoweb_security_applianceMatch8.8.0-000

VendorProductVersionCPE
ciscocontent_security_management_appliance9.1.0cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.1.0-004cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.1.0-031cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.1.0-033cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.1.0-103cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.6.0cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:*:*:*:*:*:*:*
ciscoemail_security_appliance7.5.2-201cpe:2.3:a:cisco:email_security_appliance:7.5.2-201:*:*:*:*:*:*:*
ciscoemail_security_appliance7.5.2-hp2-303cpe:2.3:a:cisco:email_security_appliance:7.5.2-hp2-303:*:*:*:*:*:*:*
ciscoemail_security_appliance7.6.3-025cpe:2.3:a:cisco:email_security_appliance:7.6.3-025:*:*:*:*:*:*:*
ciscoemail_security_appliance8.0.1-023cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	content_security_management_appliance	9.1.0	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:::::::*
cisco	content_security_management_appliance	9.1.0-004	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:::::::*
cisco	content_security_management_appliance	9.1.0-031	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:::::::*
cisco	content_security_management_appliance	9.1.0-033	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:::::::*
cisco	content_security_management_appliance	9.1.0-103	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:::::::*
cisco	content_security_management_appliance	9.6.0	cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:::::::*
cisco	email_security_appliance	7.5.2-201	cpe:2.3:a:cisco:email_security_appliance:7.5.2-201:::::::*
cisco	email_security_appliance	7.5.2-hp2-303	cpe:2.3:a:cisco:email_security_appliance:7.5.2-hp2-303:::::::*
cisco	email_security_appliance	7.6.3-025	cpe:2.3:a:cisco:email_security_appliance:7.6.3-025:::::::*
cisco	email_security_appliance	8.0.1-023	cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:::::::*

Rows per page:

1-10 of 161

References

www.securityfocus.com/bid/94791

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

45.9%

JSON

Related for NVD:CVE-2016-1411

prion1 cve1 cvelist1 cisco1 openvas3