PT-2016-4827 · Cisco · Cisco Web Security Appliances+2

Publicado

2016-10-28

Atualizado

2017-07-29

CVE-2016-1480

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to 9.1.1-038 Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to 9.7.1-066

Description A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner could allow an unauthenticated, remote attacker to bypass configured user filters on the device. This issue affects devices configured with message or content filters to scan incoming email attachments.

Recommendations For versions prior to 9.1.1-038, update to version 9.1.1-038 or later. For versions prior to 9.7.1-066, update to version 9.7.1-066 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-388

Identificadores relacionados

CVE-2016-1480

Produtos afetados

Cisco Asyncos

Cisco Email Security Appliances

Cisco Web Security Appliances

PT-2016-4827 · Cisco · Cisco Web Security Appliances+2

CVE-2016-1480

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6