CVE-2016-6416

EPSS 0.89%
Veröffentlicht 05.10.2016 17:59:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Content Security Management Appliance Version9.1.0

Cisco ≫ Content Security Management Appliance Version9.1.0-004

Cisco ≫ Content Security Management Appliance Version9.1.0-031

Cisco ≫ Content Security Management Appliance Version9.1.0-033

Cisco ≫ Content Security Management Appliance Version9.1.0-103

Cisco ≫ Content Security Management Appliance Version9.5.0

Cisco ≫ Content Security Management Appliance Version9.6.0

Cisco ≫ Email Security Appliance Version9.6.0-000

Cisco ≫ Email Security Appliance Version9.6.0-042

Cisco ≫ Email Security Appliance Version9.6.0-051

Cisco ≫ Email Security Appliance Version9.7.1-066

Cisco ≫ Email Security Appliance Version9.9.6-026

Cisco ≫ Email Security Appliance Version9.9_base

Cisco ≫ Web Security Appliance Version9.0.0-162

Cisco ≫ Web Security Appliance Version9.1.0-000

Cisco ≫ Web Security Appliance Version9.1.0-070

Cisco ≫ Web Security Appliance Version9.1_base

Cisco ≫ Web Security Appliance Version9.5.0-235

Cisco ≫ Web Security Appliance Version9.5.0-284

Cisco ≫ Web Security Appliance Version9.5.0-444

Cisco ≫ Web Security Appliance Version9.5_base

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.89%	0.733

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos

Vendor Advisory

http://www.securityfocus.com/bid/93198

http://www.securitytracker.com/id/1036915

http://www.securitytracker.com/id/1036916

http://www.securitytracker.com/id/1036917

https://nvd.nist.gov/vuln/detail/CVE-2016-6416

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6416

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6416

EUVD