CVE-2016-1481

EPSS 0.76%
Veröffentlicht 28.10.2016 10:59:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Email Security Appliance Version8.5.0-000

Cisco ≫ Email Security Appliance Version8.5.0-er1-198

Cisco ≫ Email Security Appliance Version8.5.6-052

Cisco ≫ Email Security Appliance Version8.5.6-073

Cisco ≫ Email Security Appliance Version8.5.6-074

Cisco ≫ Email Security Appliance Version8.5.6-106

Cisco ≫ Email Security Appliance Version8.5.6-113

Cisco ≫ Email Security Appliance Version8.5.7-042

Cisco ≫ Email Security Appliance Version8.6.0

Cisco ≫ Email Security Appliance Version8.6.0-011

Cisco ≫ Email Security Appliance Version8.9.0

Cisco ≫ Email Security Appliance Version8.9.1-000

Cisco ≫ Email Security Appliance Version8.9.2-032

Cisco ≫ Email Security Appliance Version9.0.0

Cisco ≫ Email Security Appliance Version9.0.0-212

Cisco ≫ Email Security Appliance Version9.0.0-461

Cisco ≫ Email Security Appliance Version9.0.5-000

Cisco ≫ Email Security Appliance Version9.1.0

Cisco ≫ Email Security Appliance Version9.1.0-011

Cisco ≫ Email Security Appliance Version9.1.0-032

Cisco ≫ Email Security Appliance Version9.1.0-101

Cisco ≫ Email Security Appliance Version9.1.1-000

Cisco ≫ Email Security Appliance Version9.4.0

Cisco ≫ Email Security Appliance Version9.4.4-000

Cisco ≫ Email Security Appliance Version9.5.0-000

Cisco ≫ Email Security Appliance Version9.5.0-201

Cisco ≫ Email Security Appliance Version9.6.0-000

Cisco ≫ Email Security Appliance Version9.6.0-042

Cisco ≫ Email Security Appliance Version9.6.0-051

Cisco ≫ Email Security Appliance Version9.7.0-125

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.76%	0.71

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/93908

http://www.securitytracker.com/id/1037123

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-1481

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1481

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1481

EUVD