PT-2016-4769 · Cisco · Cisco Email Security Appliance+3

Published

2016-12-14

Updated

2016-12-15

CVE-2016-1411

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) versions 7.5.2-201 through 8.2.0-222

Description A vulnerability in the update functionality could allow an unauthenticated, remote attacker to impersonate the update server.

Recommendations For versions 7.5.2-201 through 8.2.0-222, update to a fixed release such as 8.0.2-069, 8.0.2-074, 8.5.7-042, 9.1.0-032, 8.5.2-027, or 9.6.1-019 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2016-1411

Affected Products

Cisco Asyncos

Cisco Content Security Management Appliance

Cisco Email Security Appliance

Cisco Web Security Appliance

PT-2016-4769 · Cisco · Cisco Email Security Appliance+3

CVE-2016-1411

Weakness Enumeration

Related Identifiers

Affected Products

References · 4