Lucene search

CiscoCVE-2016-1423

HistoryOct 28, 2016 - 10:59 a.m.

CVE-2016-1423

2016-10-2810:59:00

CWE-79

cisco

web.nvd.nist.gov

vulnerability

email messages

display

messages in quarantine

miq

cisco asyncos

cisco email security appliance

esa

unauthenticated

remote attacker

malicious link

cross-site scripting

xss

html injection

nvd

cve-2016-1423.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

58.4%

JSON

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.

Affected configurations

Nvd

Node

ciscoemail_security_applianceMatch8.9.0

ciscoemail_security_applianceMatch8.9.1-000

ciscoemail_security_applianceMatch8.9.2-032

ciscoemail_security_applianceMatch9.0.0

ciscoemail_security_applianceMatch9.0.0-212

ciscoemail_security_applianceMatch9.0.0-461

ciscoemail_security_applianceMatch9.0.5-000

ciscoemail_security_applianceMatch9.1.0

ciscoemail_security_applianceMatch9.1.0-011

ciscoemail_security_applianceMatch9.1.0-032

ciscoemail_security_applianceMatch9.1.0-101

VendorProductVersionCPE
ciscoemail_security_appliance8.9.0cpe:2.3:a:cisco:email_security_appliance:8.9.0:*:*:*:*:*:*:*
ciscoemail_security_appliance8.9.1-000cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:*:*:*:*:*:*:*
ciscoemail_security_appliance8.9.2-032cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:*:*:*:*:*:*:*
ciscoemail_security_appliance9.0.0cpe:2.3:a:cisco:email_security_appliance:9.0.0:*:*:*:*:*:*:*
ciscoemail_security_appliance9.0.0-212cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:*:*:*:*:*:*:*
ciscoemail_security_appliance9.0.0-461cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:*:*:*:*:*:*:*
ciscoemail_security_appliance9.0.5-000cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:*:*:*:*:*:*:*
ciscoemail_security_appliance9.1.0cpe:2.3:a:cisco:email_security_appliance:9.1.0:*:*:*:*:*:*:*
ciscoemail_security_appliance9.1.0-011cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:*:*:*:*:*:*:*
ciscoemail_security_appliance9.1.0-032cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	email_security_appliance	8.9.0	cpe:2.3:a:cisco:email_security_appliance:8.9.0:::::::*
cisco	email_security_appliance	8.9.1-000	cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:::::::*
cisco	email_security_appliance	8.9.2-032	cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:::::::*
cisco	email_security_appliance	9.0.0	cpe:2.3:a:cisco:email_security_appliance:9.0.0:::::::*
cisco	email_security_appliance	9.0.0-212	cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:::::::*
cisco	email_security_appliance	9.0.0-461	cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:::::::*
cisco	email_security_appliance	9.0.5-000	cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:::::::*
cisco	email_security_appliance	9.1.0	cpe:2.3:a:cisco:email_security_appliance:9.1.0:::::::*
cisco	email_security_appliance	9.1.0-011	cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:::::::*
cisco	email_security_appliance	9.1.0-032	cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:::::::*

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "Cisco AsyncOS 8.0.2-069",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco AsyncOS 8.0.2-069"
      }
    ]
  }
]

References

www.securityfocus.com/bid/93912

www.securitytracker.com/id/1037113

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa4

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

58.4%

JSON

Related for CVE-2016-1423