CVE-2016-6372

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to 10.0.0-125 Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to 9.7.2-047 Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to 9.1.1-038

Description A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed.

Recommendations For versions prior to 10.0.0-125, update to version 10.0.0-125 or later. For versions prior to 9.7.2-047, update to version 9.7.2-047 or later. For versions prior to 9.1.1-038, update to version 9.1.1-038 or later.