Lucene search

[email protected]NVD:CVE-2016-6416

HistoryOct 05, 2016 - 5:59 p.m.

CVE-2016-6416

2016-10-0517:59:05

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0.009

Percentile

83.2%

JSON

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.

Affected configurations

Nvd

Node

ciscocontent_security_management_applianceMatch9.1.0

ciscocontent_security_management_applianceMatch9.1.0-004

ciscocontent_security_management_applianceMatch9.1.0-031

ciscocontent_security_management_applianceMatch9.1.0-033

ciscocontent_security_management_applianceMatch9.1.0-103

ciscocontent_security_management_applianceMatch9.5.0

ciscocontent_security_management_applianceMatch9.6.0

ciscoemail_security_applianceMatch9.6.0-000

ciscoemail_security_applianceMatch9.6.0-042

ciscoemail_security_applianceMatch9.6.0-051

ciscoemail_security_applianceMatch9.7.1-066

ciscoemail_security_applianceMatch9.9.6-026

ciscoemail_security_applianceMatch9.9_base

ciscoweb_security_applianceMatch9.0.0-162

ciscoweb_security_applianceMatch9.1.0-000

ciscoweb_security_applianceMatch9.1.0-070

ciscoweb_security_applianceMatch9.1_base

ciscoweb_security_applianceMatch9.5.0-235

ciscoweb_security_applianceMatch9.5.0-284

ciscoweb_security_applianceMatch9.5.0-444

ciscoweb_security_applianceMatch9.5_base

VendorProductVersionCPE
ciscocontent_security_management_appliance9.1.0cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.1.0-004cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.1.0-031cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.1.0-033cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.1.0-103cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.5.0cpe:2.3:a:cisco:content_security_management_appliance:9.5.0:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.6.0cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:*:*:*:*:*:*:*
ciscoemail_security_appliance9.6.0-000cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*
ciscoemail_security_appliance9.6.0-042cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*
ciscoemail_security_appliance9.6.0-051cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	content_security_management_appliance	9.1.0	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:::::::*
cisco	content_security_management_appliance	9.1.0-004	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:::::::*
cisco	content_security_management_appliance	9.1.0-031	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:::::::*
cisco	content_security_management_appliance	9.1.0-033	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:::::::*
cisco	content_security_management_appliance	9.1.0-103	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:::::::*
cisco	content_security_management_appliance	9.5.0	cpe:2.3:a:cisco:content_security_management_appliance:9.5.0:::::::*
cisco	content_security_management_appliance	9.6.0	cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:::::::*
cisco	email_security_appliance	9.6.0-000	cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:::::::*
cisco	email_security_appliance	9.6.0-042	cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:::::::*
cisco	email_security_appliance	9.6.0-051	cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:::::::*

Rows per page:

1-10 of 211

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos

www.securityfocus.com/bid/93198

www.securitytracker.com/id/1036915

www.securitytracker.com/id/1036916

www.securitytracker.com/id/1036917

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0.009

Percentile

83.2%

JSON

Related for NVD:CVE-2016-6416

cvelist1 cve1 openvas3 prion1 cisco1