CVE-2016-6372

EPSS 0.27%
Published 28.10.2016 10:59:11
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Email Security Appliance Version8.0.1-023

Cisco ≫ Email Security Appliance Version8.0_base

Cisco ≫ Email Security Appliance Version8.5.0-000

Cisco ≫ Email Security Appliance Version8.5.0-er1-198

Cisco ≫ Email Security Appliance Version8.5.6-052

Cisco ≫ Email Security Appliance Version8.5.6-073

Cisco ≫ Email Security Appliance Version8.5.6-074

Cisco ≫ Email Security Appliance Version8.5.6-106

Cisco ≫ Email Security Appliance Version8.5.6-113

Cisco ≫ Email Security Appliance Version8.5.7-042

Cisco ≫ Email Security Appliance Version8.6.0

Cisco ≫ Email Security Appliance Version8.6.0-011

Cisco ≫ Email Security Appliance Version8.9.0

Cisco ≫ Email Security Appliance Version8.9.1-000

Cisco ≫ Email Security Appliance Version8.9.2-032

Cisco ≫ Email Security Appliance Version9.0.0

Cisco ≫ Email Security Appliance Version9.0.0-212

Cisco ≫ Email Security Appliance Version9.0.0-461

Cisco ≫ Email Security Appliance Version9.0.5-000

Cisco ≫ Email Security Appliance Version9.1.0

Cisco ≫ Email Security Appliance Version9.1.0-011

Cisco ≫ Email Security Appliance Version9.1.0-032

Cisco ≫ Email Security Appliance Version9.1.0-101

Cisco ≫ Email Security Appliance Version9.1.1-000

Cisco ≫ Email Security Appliance Version9.4.0

Cisco ≫ Email Security Appliance Version9.4.4-000

Cisco ≫ Email Security Appliance Version9.5.0-000

Cisco ≫ Email Security Appliance Version9.5.0-201

Cisco ≫ Email Security Appliance Version9.6.0-000

Cisco ≫ Email Security Appliance Version9.6.0-042

Cisco ≫ Email Security Appliance Version9.6.0-051

Cisco ≫ Email Security Appliance Version9.7.0-125

Cisco ≫ Email Security Appliance Version9.7.1-066

Cisco ≫ Email Security Appliance Version9.9.6-026

Cisco ≫ Email Security Appliance Version9.9_base

Cisco ≫ Web Security Appliance Version5.6.0-623

Cisco ≫ Web Security Appliance Version6.0.0-000

Cisco ≫ Web Security Appliance Version7.1.0

Cisco ≫ Web Security Appliance Version7.1.1

Cisco ≫ Web Security Appliance Version7.1.2

Cisco ≫ Web Security Appliance Version7.1.3

Cisco ≫ Web Security Appliance Version7.1.4

Cisco ≫ Web Security Appliance Version7.5.0-000

Cisco ≫ Web Security Appliance Version7.5.0-825

Cisco ≫ Web Security Appliance Version7.5.1-000

Cisco ≫ Web Security Appliance Version7.5.2-000

Cisco ≫ Web Security Appliance Version7.5.2-hp2-303

Cisco ≫ Web Security Appliance Version7.7.0-000

Cisco ≫ Web Security Appliance Version7.7.0-608

Cisco ≫ Web Security Appliance Version7.7.1-000

Cisco ≫ Web Security Appliance Version7.7.5-835

Cisco ≫ Web Security Appliance Version8.0.0-000

Cisco ≫ Web Security Appliance Version8.0.5

Cisco ≫ Web Security Appliance Version8.0.6

Cisco ≫ Web Security Appliance Version8.0.6-078

Cisco ≫ Web Security Appliance Version8.0.6-119

Cisco ≫ Web Security Appliance Version8.0.7

Cisco ≫ Web Security Appliance Version8.0.7-142

Cisco ≫ Web Security Appliance Version8.0.8-mr-113

Cisco ≫ Web Security Appliance Version8.5.0-497

Cisco ≫ Web Security Appliance Version8.5.0.000

Cisco ≫ Web Security Appliance Version8.5.1-021

Cisco ≫ Web Security Appliance Version8.5.2-024

Cisco ≫ Web Security Appliance Version8.5.2-027

Cisco ≫ Web Security Appliance Version8.5.3-055

Cisco ≫ Web Security Appliance Version8.8.0-000

Cisco ≫ Web Security Appliance Version8.8.0-085

Cisco ≫ Web Security Appliance Version9.0.0-193

Cisco ≫ Web Security Appliance Version9.0_base

Cisco ≫ Web Security Appliance Version9.1.0-000

Cisco ≫ Web Security Appliance Version9.1.0-070

Cisco ≫ Web Security Appliance Version9.1_base

Cisco ≫ Web Security Appliance Version9.5.0-235

Cisco ≫ Web Security Appliance Version9.5.0-284

Cisco ≫ Web Security Appliance Version9.5.0-444

Cisco ≫ Web Security Appliance Version9.5_base

Cisco ≫ Web Security Appliance 8.0.5 Versionhot_patch_1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.475

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/93911

http://www.securitytracker.com/id/1037118

http://www.securitytracker.com/id/1037119

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-6372

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6372

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6372

EUVD