Lucene search

CiscoCVE-2016-6463

HistoryNov 19, 2016 - 3:03 a.m.

CVE-2016-6463

2016-11-1903:03:06

CWE-20

cisco

web.nvd.nist.gov

cisco

email security

vulnerability

cve-2016-6463

cybersecurity

cisco asyncos software

amp

remote attacker

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

48.5%

JSON

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuz85823. Known Affected Releases: 10.0.0-082 9.7.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131.

Affected configurations

Nvd

Node

ciscoemail_security_appliance_firmwareMatch9.7.0-125

ciscoemail_security_appliance_firmwareMatch9.7.1-06

ciscoemail_security_appliance_firmwareMatch10.0.0-082

VendorProductVersionCPE
ciscoemail_security_appliance_firmware9.7.0-125cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.0-125:*:*:*:*:*:*:*
ciscoemail_security_appliance_firmware9.7.1-06cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.1-06:*:*:*:*:*:*:*
ciscoemail_security_appliance_firmware10.0.0-082cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-082:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	email_security_appliance_firmware	9.7.0-125	cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.0-125:::::::*
cisco	email_security_appliance_firmware	9.7.1-06	cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.1-06:::::::*
cisco	email_security_appliance_firmware	10.0.0-082	cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-082:::::::*

CNA Affected

[
  {
    "product": "Cisco AsyncOS 9.7.1-066 through 10.0.0-082",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco AsyncOS 9.7.1-066 through 10.0.0-082"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94363

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

48.5%

JSON

Related for CVE-2016-6463