PT-2016-6841 · Cisco · Cisco Email Security Appliance+1

Published: 2016-10-28 · Updated: 2017-07-29 · CVE-2016-6357

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance (ESA) versions 9.7.1-066 through 10.0.9-015, 9.9.6-026
Description: A vulnerability in the configured security policies of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment.
Recommendations: For versions 9.7.1-066, 9.9.6-026 and 10.0.9-015, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the handling of emails with corrupted attachments to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

CVE-2016-6357

Affected Products

Cisco AsyncOS
Cisco Email Security Appliance