fkie_cve-2016-6356
Vulnerability from fkie_nvd
Published
2016-10-28 10:59
Modified
2024-11-21 02:55
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/93907
psirt@cisco.comhttp://www.securitytracker.com/id/1037122
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/93907
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037122
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3Vendor Advisory
Impacted products
Vendor Product Version
cisco email_security_appliance 3.3.1-09
cisco email_security_appliance 7.1.0
cisco email_security_appliance 7.1.1
cisco email_security_appliance 7.1.2
cisco email_security_appliance 7.1.3
cisco email_security_appliance 7.1.4
cisco email_security_appliance 7.1.5
cisco email_security_appliance 7.3.0
cisco email_security_appliance 7.3.1
cisco email_security_appliance 7.3.2
cisco email_security_appliance 7.5.0
cisco email_security_appliance 7.5.1
cisco email_security_appliance 7.5.2
cisco email_security_appliance 7.5.2-201
cisco email_security_appliance 7.6.0
cisco email_security_appliance 7.6.1-000
cisco email_security_appliance 7.6.1-gpl-022
cisco email_security_appliance 7.6.2
cisco email_security_appliance 7.6.3-000
cisco email_security_appliance 7.6.3-025
cisco email_security_appliance 7.7.0-000
cisco email_security_appliance 7.7.1-000
cisco email_security_appliance 7.8.0
cisco email_security_appliance 7.8.0-311
cisco email_security_appliance 8.0.1-023
cisco email_security_appliance 8.0_base
cisco email_security_appliance 8.5.0-000
cisco email_security_appliance 8.5.0-er1-198
cisco email_security_appliance 8.5.6-052
cisco email_security_appliance 8.5.6-073
cisco email_security_appliance 8.5.6-074
cisco email_security_appliance 8.5.6-106
cisco email_security_appliance 8.5.6-113
cisco email_security_appliance 8.5.7-042
cisco email_security_appliance 8.6.0
cisco email_security_appliance 8.6.0-011
cisco email_security_appliance 8.9.0
cisco email_security_appliance 8.9.1-000
cisco email_security_appliance 8.9.2-032
cisco email_security_appliance 9.0.0
cisco email_security_appliance 9.0.0-212
cisco email_security_appliance 9.0.0-461
cisco email_security_appliance 9.0.5-000
cisco email_security_appliance 9.1.0
cisco email_security_appliance 9.1.0-011
cisco email_security_appliance 9.1.0-032
cisco email_security_appliance 9.1.0-101
cisco email_security_appliance 9.4.0
cisco email_security_appliance 9.4.4-000
cisco email_security_appliance 9.5.0-000
cisco email_security_appliance 9.5.0-201
cisco email_security_appliance 9.6.0-000
cisco email_security_appliance 9.6.0-042
cisco email_security_appliance 9.6.0-051
cisco email_security_appliance 9.7.0-125
cisco email_security_appliance 9.7.1-066


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:3.3.1-09:*:*:*:*:*:*:*",
              "matchCriteriaId": "B447F5BF-B930-412C-BB5B-76FB59F2131F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CD539F0-FB4C-43BB-B84D-8EB2D5780C30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0119B5B-0DE1-40DE-B987-5BD090C46396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9B9EA8-AC3E-46B5-9E1A-C5CDA49C2417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3584055D-21D7-4701-A6DA-3A42037C235D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F65C35-8F6C-443A-8A70-507E2BECE434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C08DF98F-D463-444A-9C99-3D9F598AD35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72B46B14-F730-4C19-B990-7A97180A6B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47B559C5-4D63-4F19-B52D-71AE2D057983",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A024420-2138-45C2-A1B1-D9E6C421CC43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7861DE-6DC4-445E-B881-E731E78C933E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1883A6-FD4A-4E06-AA83-C2E1035C5BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8209F5B3-2F65-4976-86CE-8C3F92D6D053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.2-201:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E2D3BA-C2EF-4178-B1EA-0E2318DAFE37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "048157E8-DC18-47D6-8061-6D209C4B640A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.1-000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C970A35B-04DD-45A4-A739-585ACEE496AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.1-gpl-022:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC3BF72-7CD4-47F8-B98F-7D61802A22BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82842FC8-6041-4FD6-AA4B-818052798F01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.3-000:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA18CA46-D4FA-48C8-A632-9C618C4C647C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.3-025:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD7AD8D8-C690-47C6-8A58-8499266F9659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.7.0-000:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6096CDB-3908-4E75-A9B6-285738C582B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.7.1-000:*:*:*:*:*:*:*",
              "matchCriteriaId": "38B13FE0-91B3-48AC-83D5-839E9C49AF10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F11D078-2A4A-40C2-8DBA-3A9529355245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:7.8.0-311:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9C47AD-38DA-44BE-8868-A21F93332783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FABFD96-9076-4838-A775-7DA478214760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D070904-FF6A-4356-A6B9-FC572CF4ADEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB92F9E-9FA2-4D50-82C2-FF0A20EB42FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9AFCF6-AFC3-4466-AB77-DA77090BBE0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-052:*:*:*:*:*:*:*",
              "matchCriteriaId": "A511EEC7-A7B4-46A0-9182-42B6FFB0E103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-073:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8A45A9-0835-4F4D-99D1-4E894EE95B5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-074:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69F7FA3-F8FD-430F-B70C-FBFC3C1A2D04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-106:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFD829C-2BA8-4EA6-A846-74776A05D105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-113:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A831B2A-A23C-4BB4-B64C-ADD2C77D96E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.7-042:*:*:*:*:*:*:*",
              "matchCriteriaId": "46895808-4225-42FB-BA8B-12ADFADAB4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54E7090B-6FB0-4161-8534-BD2561B1C203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.6.0-011:*:*:*:*:*:*:*",
              "matchCriteriaId": "62CA88FC-047E-4EA4-B3E9-E903DD1892CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4A2C13-FB68-4DAD-AC0E-A90260655F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:*:*:*:*:*:*:*",
              "matchCriteriaId": "B574E66D-783A-48E6-A04A-16E0B1A56EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE973E6A-4BE5-44D7-9E66-B966377F2315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE6412D3-E788-45F8-B4E5-4795CD88F3C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:*:*:*:*:*:*:*",
              "matchCriteriaId": "79408E18-14BE-486A-AAD1-95A3871CCD21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:*:*:*:*:*:*:*",
              "matchCriteriaId": "44F4ABDB-16DC-4D8F-B2D8-9724133F40BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2F388-FFE1-43BD-A9B6-D21043F86AA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F398CF-66B8-4BE1-8586-1DCD1FF8C3C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF05089-FDC2-4D78-9949-B313A11A3FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:*:*:*:*:*:*:*",
              "matchCriteriaId": "22602224-5873-4B62-A3B4-66B9E590B73E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-101:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C301DE3-99C7-415A-9D1B-8DDD00E4E5D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA369D6F-7011-49CF-B0E7-D1B7A2D1B719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D328123-3F80-4686-A464-574CDFF67247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C17D2028-25C5-4234-8723-7040DCFBEE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF846D4C-F7A2-4C27-A2A3-CFE5E76DE5F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*",
              "matchCriteriaId": "98D691BA-8205-4C49-851B-2FDC1F22F641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED373FBD-1BB7-4532-946F-9DA2DF33A8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A450E5F-D02B-4F4D-9844-794D6A39D923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E682A3-28D4-4163-B047-DAD05D404128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*",
              "matchCriteriaId": "72DADB2C-D86D-44B5-B87B-289990A7D9B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la caracter\u00edstica de filtrado de mensajes de email de Cisco AsyncOS Software para Cisco Email Security Appliances podr\u00eda permitir a un atacante remoto no autenticado provocar que el dispositivo afectado pare el escaneo y reenv\u00ede mensajes de email debido a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Productos afectados: Esta vulnerabilidad afecta a todas las versiones previas a la primera versi\u00f3n fija de Cisco AsyncOS Software para Cisco Email Security Appliances, ambos dispositivos virtuales y hardware, si el software est\u00e1 configurado para aplicar un filtro de mensajes o un filtro de contenido a los adjuntos de mails entrantes. La vulnerabilidad no est\u00e1 limitada a reglas o acciones espec\u00edficas del filtro de mensajes o del filtro de contenido. M\u00e1s informaci\u00f3n: CSCuz63143. Lanzamientos conocidos afectados: 8.5.7-042 9.7.0-125. Lanzamientos conocidos solucionados: 10.0.0-125 9.1.1-038 9.7.2-047."
    }
  ],
  "id": "CVE-2016-6356",
  "lastModified": "2024-11-21T02:55:58.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-28T10:59:06.587",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93907"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1037122"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.