CVE-2016-6357

Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (ESA) versions 9.7.1-066 through 10.0.9-015, 9.9.6-026

Description A vulnerability in the configured security policies of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment.

Recommendations For version 9.7.1-066, update to a version that includes the fix for this issue. For version 9.9.6-026, update to a version that includes the fix for this issue. For version 10.0.9-015, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the handling of emails with corrupted attachments to minimize the risk of exploitation.