5.9

CVE-2016-1411

EPSS 0.22%
Published 14.12.2016 00:59:00
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Content Security Management Appliance Version9.1.0

Cisco ≫ Content Security Management Appliance Version9.1.0-004

Cisco ≫ Content Security Management Appliance Version9.1.0-031

Cisco ≫ Content Security Management Appliance Version9.1.0-033

Cisco ≫ Content Security Management Appliance Version9.1.0-103

Cisco ≫ Content Security Management Appliance Version9.6.0

Cisco ≫ Email Security Appliance Version7.5.2-201

Cisco ≫ Email Security Appliance Version7.5.2-hp2-303

Cisco ≫ Email Security Appliance Version7.6.3-025

Cisco ≫ Email Security Appliance Version8.0.1-023

Cisco ≫ Email Security Appliance Version8.5.0-000

Cisco ≫ Email Security Appliance Version8.5.0-er1-198

Cisco ≫ Email Security Appliance Version8.5.1-021

Cisco ≫ Web Security Appliance Version7.7.0-608

Cisco ≫ Web Security Appliance Version7.7.5-835

Cisco ≫ Web Security Appliance Version8.8.0-000

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.421

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://www.securityfocus.com/bid/94791

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-1411

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1411

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1411

EUVD