PT-2016-4827 · Cisco · Cisco Web Security Appliances+2

Published

2016-10-28

Updated

2017-07-29

CVE-2016-1480

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to 9.1.1-038 Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to 9.7.1-066

Description A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner could allow an unauthenticated, remote attacker to bypass configured user filters on the device. This issue affects devices configured with message or content filters to scan incoming email attachments.

Recommendations For versions prior to 9.1.1-038, update to version 9.1.1-038 or later. For versions prior to 9.7.1-066, update to version 9.7.1-066 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-388

Related Identifiers

CVE-2016-1480

Affected Products

Cisco Asyncos

Cisco Email Security Appliances

Cisco Web Security Appliances

PT-2016-4827 · Cisco · Cisco Web Security Appliances+2

CVE-2016-1480

Weakness Enumeration

Related Identifiers

Affected Products

References · 6