7.5

CVE-2016-1480

EPSS 0.33%
Published 28.10.2016 10:59:01
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming email attachments. More Information: CSCuw03606, CSCux59734. Known Affected Releases: 8.0.0-000 8.5.6-106 9.0.0-000 9.1.0-032 9.6.0-042 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.1.1-038 9.7.1-066.

Affected products Warnungen 0 Metrics 3 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Email Security Appliance Version8.0.1-023

Cisco ≫ Email Security Appliance Version8.0_base

Cisco ≫ Email Security Appliance Version8.5.0-000

Cisco ≫ Email Security Appliance Version8.5.0-er1-198

Cisco ≫ Email Security Appliance Version8.5.6-052

Cisco ≫ Email Security Appliance Version8.5.6-073

Cisco ≫ Email Security Appliance Version8.5.6-074

Cisco ≫ Email Security Appliance Version8.5.6-106

Cisco ≫ Email Security Appliance Version8.5.6-113

Cisco ≫ Email Security Appliance Version8.5.7-042

Cisco ≫ Email Security Appliance Version8.6.0

Cisco ≫ Email Security Appliance Version8.6.0-011

Cisco ≫ Email Security Appliance Version8.9.0

Cisco ≫ Email Security Appliance Version8.9.1-000

Cisco ≫ Email Security Appliance Version8.9.2-032

Cisco ≫ Email Security Appliance Version9.0.0

Cisco ≫ Email Security Appliance Version9.0.0-212

Cisco ≫ Email Security Appliance Version9.0.0-461

Cisco ≫ Email Security Appliance Version9.0.5-000

Cisco ≫ Email Security Appliance Version9.1.0

Cisco ≫ Email Security Appliance Version9.1.0-011

Cisco ≫ Email Security Appliance Version9.1.0-032

Cisco ≫ Email Security Appliance Version9.1.0-101

Cisco ≫ Email Security Appliance Version9.1.1-000

Cisco ≫ Email Security Appliance Version9.4.0

Cisco ≫ Email Security Appliance Version9.4.4-000

Cisco ≫ Email Security Appliance Version9.5.0-000

Cisco ≫ Email Security Appliance Version9.5.0-201

Cisco ≫ Email Security Appliance Version9.6.0-000

Cisco ≫ Email Security Appliance Version9.6.0-042

Cisco ≫ Email Security Appliance Version9.7.0-125

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.554

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://www.securityfocus.com/bid/93914

http://www.securitytracker.com/id/1037116

http://www.securitytracker.com/id/1037117

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-1480

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1480

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1480

EUVD