CVE-2016-6356

EPSS 0.76%
Published 28.10.2016 10:59:06
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Email Security Appliance Version3.3.1-09

Cisco ≫ Email Security Appliance Version7.1.0

Cisco ≫ Email Security Appliance Version7.1.1

Cisco ≫ Email Security Appliance Version7.1.2

Cisco ≫ Email Security Appliance Version7.1.3

Cisco ≫ Email Security Appliance Version7.1.4

Cisco ≫ Email Security Appliance Version7.1.5

Cisco ≫ Email Security Appliance Version7.3.0

Cisco ≫ Email Security Appliance Version7.3.1

Cisco ≫ Email Security Appliance Version7.3.2

Cisco ≫ Email Security Appliance Version7.5.0

Cisco ≫ Email Security Appliance Version7.5.1

Cisco ≫ Email Security Appliance Version7.5.2

Cisco ≫ Email Security Appliance Version7.5.2-201

Cisco ≫ Email Security Appliance Version7.6.0

Cisco ≫ Email Security Appliance Version7.6.1-000

Cisco ≫ Email Security Appliance Version7.6.1-gpl-022

Cisco ≫ Email Security Appliance Version7.6.2

Cisco ≫ Email Security Appliance Version7.6.3-000

Cisco ≫ Email Security Appliance Version7.6.3-025

Cisco ≫ Email Security Appliance Version7.7.0-000

Cisco ≫ Email Security Appliance Version7.7.1-000

Cisco ≫ Email Security Appliance Version7.8.0

Cisco ≫ Email Security Appliance Version7.8.0-311

Cisco ≫ Email Security Appliance Version8.0.1-023

Cisco ≫ Email Security Appliance Version8.0_base

Cisco ≫ Email Security Appliance Version8.5.0-000

Cisco ≫ Email Security Appliance Version8.5.0-er1-198

Cisco ≫ Email Security Appliance Version8.5.6-052

Cisco ≫ Email Security Appliance Version8.5.6-073

Cisco ≫ Email Security Appliance Version8.5.6-074

Cisco ≫ Email Security Appliance Version8.5.6-106

Cisco ≫ Email Security Appliance Version8.5.6-113

Cisco ≫ Email Security Appliance Version8.5.7-042

Cisco ≫ Email Security Appliance Version8.6.0

Cisco ≫ Email Security Appliance Version8.6.0-011

Cisco ≫ Email Security Appliance Version8.9.0

Cisco ≫ Email Security Appliance Version8.9.1-000

Cisco ≫ Email Security Appliance Version8.9.2-032

Cisco ≫ Email Security Appliance Version9.0.0

Cisco ≫ Email Security Appliance Version9.0.0-212

Cisco ≫ Email Security Appliance Version9.0.0-461

Cisco ≫ Email Security Appliance Version9.0.5-000

Cisco ≫ Email Security Appliance Version9.1.0

Cisco ≫ Email Security Appliance Version9.1.0-011

Cisco ≫ Email Security Appliance Version9.1.0-032

Cisco ≫ Email Security Appliance Version9.1.0-101

Cisco ≫ Email Security Appliance Version9.4.0

Cisco ≫ Email Security Appliance Version9.4.4-000

Cisco ≫ Email Security Appliance Version9.5.0-000

Cisco ≫ Email Security Appliance Version9.5.0-201

Cisco ≫ Email Security Appliance Version9.6.0-000

Cisco ≫ Email Security Appliance Version9.6.0-042

Cisco ≫ Email Security Appliance Version9.6.0-051

Cisco ≫ Email Security Appliance Version9.7.0-125

Cisco ≫ Email Security Appliance Version9.7.1-066

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.76%	0.71

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/93907

http://www.securitytracker.com/id/1037122

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-6356

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6356

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6356

EUVD